A draft proposal at the SEC would required financial management firms to disclose cybersecurity breaches within 48 hours as the SEC looks to provide continuing guidance on how firms should ensure they are being cyber-diligent.
In addition to the required breach disclosures, firms would be required to maintain incident response plans, maintain detailed records on security risks and incidents, and disclose those risks and prior attacks in marketing material.
Full Story: SEC proposes cyber rules for investment funds and advisors