The U.S. Securities and Exchange Commission voted 3-1 to advance new, mandatory cybersecurity rules. The rules would require related entities to adopt and implement written cybersecurity policies. The proposal would also require covered entities to publicly disclose cybersecurity risks and “significant incidents” detected over the past two fiscal years. It would also set forth new record-keeping requirements for advisers and funds and facilitate the SEC’s inspection and enforcement capabilities. The rule is now open for at least a 30-day public comment period.”]
Source: https://www.cuinfosecurity.com/us-sec-proposes-48-hour-incident-reporting-requirement-a-18493