Public companies in the United States, including listed crypto firms, will be required to disclose any major cybersecurity incidents within a four-day time limit, under new rules adopted by the United States securities regulator.
The rules from the United States Securities and Exchange Commission require any public company to disclose a cyberattack within four days of it being deemed "material," except in cases where such disclosure is deemed a possible national security or public safety risk.