Crypto Companies Will Now Report Cybersecurity Incidents and Strategies to the SEC

SEC mandated that publicly traded corporations, including cryptocurrency businesses, submit yearly reports on their risk management, governance, and strategy for cybersecurity.

Crypto Companies Will Now Report Cybersecurity Incidents and Strategies to the SEC

In an effort to increase investor confidence in publicly traded corporations, the new rule mandates that businesses immediately disclose any significant cybersecurity issues within four working days. Along with a report outlining the occurrence and the timing, businesses must explain how the cyberattack might affect their operations. How businesses will identify which security breaches could have a financial impact is still a mystery.

Whether a company loses a factory in a fire —  millions of files in a cybersecurity incident — it may be material to investors,

SEC Chair Gary Gensler.

Companies to Report How They Audit Cybersecurity Risks

The majority of publicly traded firms currently disclose cybersecurity risks in their investor materials, but the SEC has not yet required them to do so. Public corporations and foreign private issuers are required to disclose how their board oversees cybersecurity risks as well as the role and capabilities of management in identifying and controlling significant risks from cybersecurity attacks.

After the new financial release has been published in the Federal Register, the new obligation will take effect 30 to 180 days later. The full 180 days will be given to smaller businesses to start making their statements. If the U.S. Attorney General considers that immediate disclosure of cybersecurity threats would constitute a significant danger to national security or public safety, registrants may request a postponement of disclosures.