WASHINGTON—Federal regulators are considering a requirement that publicly traded companies disclose data breaches and other significant cybersecurity incidents within four days, as they seek to strengthen financial markets’ resilience to online attacks.
The Securities and Exchange Commission proposed a rule Wednesday that would impose mandatory reporting for companies around cybersecurity. Commissioners voted 3-1 to issue the proposal, which could be completed after the agency receives and analyzes feedback from the public.
“Cybersecurity incidents, unfortunately, happen a lot,” SEC Chairman
Gary Gensler
said in prepared remarks, noting that successful attacks affect companies’ finances, operations and reputations. “Thus, investors increasingly seek information about cybersecurity risks, which…
