US-listed companies are required to report data breaches to shareholders within four days in the future. Companies should also report past data breaches and what they do about security.

Listed companies are already at risk, but are inconsistent in reporting data breaches and other digital security incidents, US stock market regulator SEC saysThe new rules should clearly state when companies should be notified. Now companies do not report 90 percent of incidents, the SEC says.

Companies are required to notify shareholders of data breaches within four days and to report the consequences of past data breaches from time to time. Information should also be provided on what management is doing to prevent incidents and keep security in order.

Information about digital security is important information for shareholders about how the company operates, and therefore may affect stock prices. The SEC will ask for input on the new rules over the next two months and then make a final decision. There have been reports of data breaches in the Netherlands for some time Mandatory for all companies⁇