"The rule, which the SEC proposed in March 2022, will give investors and the public at large a more consistent, comparable, and decision-useful way to learn about breaches, according to SEC Chair Gary Gensler, who voted in favor of the final rule.
The key difference between the four-day rule and the many state and federal cybersecurity reporting rules banks already have to follow is that now, public breach disclosures will happen weeks faster than before, and in all jurisdictions.
Public companies do not have to disclose technical specifics of their incident response plans or the potential vulnerabilities involved in the incident by the four-day mark, according to the rule. Rather, they must provide a high-level overview of what took place."
https://www.americanbanker.com/news/banks-must-publicly-disclose-data-breaches-under-new-sec-rule
