Companies will also have to describe periodically what efforts they are making to identify and manage threats in cyberspace. The rule, first proposed in March of 2022, forms part of a broader SEC effort to harden the financial system against data theft, systems failure and cyber-intrusions
The U.S. Securities and Exchange Commission on Wednesday was poised to adopt new rules requiring publicly traded companies to disclose hacking incidents, a measure officials said was being taken to help the investing public contend with the mounting cost and frequency of cyberattacks.
The five-member SEC was also set to issue a proposal governing potential conflicts of interest in broker-dealers’ use of artificial intelligence, a reform partly influenced by the events of the 2021 “meme stock” rally when officials found robo-advisers and brokers used AI and game-like features to drive trading.
If adopted, the cybersecurity rule would require companies to disclose a cyber breach within four days after determining it is serious enough to be material to investors. The rule would allow delays if the Justice Department deems them necessary to protect national security or police investigations, according to the SEC.
Companies will also have to describe periodically what efforts they are making to identify and manage threats in cyberspace. The rule, first proposed in March of 2022, forms part of a broader SEC effort to harden the financial system against data theft, systems failure and cyber-intrusions.
The AI proposal, if issued by the commission, would require broker-dealers to “eliminate or neutralize” any conflict of interest that occurs if a trading platform’s predictive data analytics puts the broker’s financial interest ahead of that of the firm’s clients.
Reuters