The Securities and Exchange Commission (SEC) adopted new rules requiring publicly traded companies to disclose hacking incidents, a measure officials said was to help the investing public contend with the mounting cost and frequency of cyber attacks.
The new cybersecurity rule will require companies to disclose a cyber breach within four days after determining it is serious enough to be material to investors. The rule would allow delays if the Justice Department deems them necessary to protect national security or police investigations, the SEC said.
Republican commissioners dissented, saying the new rule was unnecessary given already existing requirements, unduly burdensome on companies and could offer hackers a roadmap to their targets’ vulnerabilities and the size of ransom to be demanded.
The AI proposal issued on Wednesday would require broker-dealers to “eliminate or neutralize” any conflict of interest that occurs if a trading platform’s predictive data analytics puts the broker’s financial interest ahead of that of the firm’s clients.