New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC).

The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they being “micromanaged” and – it is argued – could even assist attackers.

Read more in my article on the Tripwire State of Security blog.