Public crypto companies must disclose cybersecurity incidents, per new SEC rules

The new rules add a layer of transparency for investors to see when a public company, such as Coinbase or MicroStrategy, has faced a cybersecurity incident


Michael Traitov/Shutterstock modified by Blockworks


The US Securities and Exchange Commission is requiring public companies, including public crypto companies, to disclose cybersecurity incidents.

The new rule, adopted on Wednesday, aims to ensure that investors receive potentially “material” information when a company has been attacked. 

“Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information,” SEC Chair Gary Gensler said. 

Companies such as Coinbase, Marathon Holdings, Bitdeer and MicroStrategy will be impacted by the new SEC rules. 

“There has been a substantial rise in the prevalence of cybersecurity incidents, propelled by several factors: the increase in remote work spurred by the COVID-19 pandemic; the increasing reliance on third-party service providers for information technology services; and the rapid monetization of cyberattacks facilitated by ransomware, black markets for stolen data, and crypto-asset technology,” the SEC noted.

The SEC added that “evidence suggests” that companies are “underreporting cybersecurity risks.”

The new rule change will make it necessary for companies to give clear and specific information about any incidents that occur. This information will include details about when the incident happened, how it affected the company and its users, whether any data was stolen or accessed, and updates on whether the company has remediated the situation. All of this will be included in a new item, dubbed 1.05, included on 8K forms. 

Public companies will also have to “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previous cybersecurity incidents” on Regulation S-K. 

8K forms give investors updates on big changes at listed companies. 

The change comes as the SEC’s chief accountant warned that accounting firms working as auditors for the crypto industry need to be mindful of anti-fraud laws. 

SEC Commissioner Hester Peirce, who has shown support for crypto in the past, tweeted that “crypto platforms [and] their accountants should be clear about what proof of reserves is and isn’t,” but she warned against discouraging “good-faith efforts to provide more transparency.”

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2023

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Unlocked by Template.png


With the spot ETH ETF approval, the institutions are coming. stETH - given its dominance in marketshare, existing liquid market structures, and highly desirable properties - is poised for institutions.


The QT taper begins this month…but what does that mean for markets?


Plus, the rise of RWAs could bring about a significant shift in how real-world investments are managed and accessed


The distributed cell plan provider started selling its own hotspots in October 2023


The Brazil-based asset manager’s filing comes during a year of milestone bitcoin and ether fund approvals


The purchase of five sites in Georgia set to help CleanSpark hit its mid-year operating hash rate target of 20 EH/s


Plus, it’s beginning to look like we may be in for a cruel summer