In a move to prevent public companies from delaying news about cyberattacks, the US Security and Exchange Commission has set a four-day deadline to disclose material cybersecurity incidents. A US attorney general could potentially delay that disclosure if doing so would lead to substantial risk to national security or public safety. Otherwise, the rules will serve as a stiff new guidepost — albeit, one that's slightly less restrictive than the