SEC rules put time limit on reporting data breaches
So, what is this is basically this requires business in order to describe their process for assessing, identifying and managing material risks from cybersecurity threats. And companies also should disclose their management's ability to assess and manage all these kind of material risks from cyberattacks. So basically, if a company loses a factory in a fire or millions of files in a cybersecurity incident, it may be material to investors