SEC proposes requirements for disclosing cyberattacks, including listed crypto businesses.
The Securities and Exchange Commission-registered cryptocurrency companies that have to comply with the rules include Coinbase, Marathon Digital, and Riot Blockchain.
Under new guidelines from the US securities regulator, public companies, including crypto firms, must disclose severe cybersecurity events within four days.
The United States Securities and Exchange Commission’s guidelines mandate that any publicly traded corporation disclose any cyberattack within four days of it being judged “material,” with the exception of situations where doing so may pose a risk to public safety or national security.
Today we adopted rules to ensure that investors receive consistent information from public companies about material cybersecurity incidents as well as companies' cybersecurity risk management, strategy, and governance.
— U.S. Securities and Exchange Commission (@SECGov) July 26, 2023
The rules were officially adopted as of July 26 and will go into effect 30 days after the adoption release is published in the Federal Register, according to the SEC.
Additionally, registrants must provide recurring reports detailing their policies and practices for identifying and managing cybersecurity risks as well as providing recurring updates on cybersecurity incidents that have already been reported.
According to a statement released by the SEC on July 26, the fresh rules aim to protect investors by enhancing cybersecurity risk management practices.
“Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them,” explained SEC Chair Gary Gensler.
The updated rules will apply to any publicly traded firm in the United States. Coinbase (COIN), Marathon Digital (MARA), Riot Blockchain (RIOT), and Hive Digital Technologies (HIVE) are some of the publicly traded cryptocurrency companies.
The SEC stated that the need for the new regulations arose from the rise of digital payment methods and the digitization of business processes, as well as the potential of cybercriminals to profit from cyberattacks.
Cryptocurrencies have been frequent targets for North Korea’s state-backed Lazarus Group and other cybercriminals trying to pull off a high-value exploit. Over $850 million worth of Bitcoin systems have been hacked by Lazarus Group via multiple high-profile breaches.
Read More: Lazarus: North Korean Hackers Group Moves $64M ETH from Harmony Bridge Hack
The SEC proposed the cybersecurity rules for the first time in March 2022.