The Securities and Exchange Commission’s new cybersecurity rules will come into effect on 18 December for large, publicly traded companies; smaller firms have an additional 90 days to comply. The rules, passed in July, require companies to report data breaches within four days and offer clarity on mitigating cyber risks. They also require firms to outline their cybersecurity processes and expertise. Companies, fearing a drop in share price, have expressed concern over the short reporting window.
The six biggest security challenges coming in 2026
What will be the main challenges businesses face in 2026 and what can they do to prepare?
