TechCrunch – What you need to know: “Starting December 18, publicly-owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours. The regulation represents a significant shake-up for organizations, many of which have argued that the new rules open them up to more risk and that four days isn’t enough time to confirm a breach, understand its impact, or coordinate notifications. Regardless, those that don’t comply — whether a newly-listed organization or a company that has been publicly owned for decades — could face major consequences courtesy of the U.S. Securities and Exchange Commission (SEC).”