Public crypto companies must disclose cybersecurity incidents, per new SEC rules

The new rules add a layer of transparency for investors to see when a public company, such as Coinbase or MicroStrategy, has faced a cybersecurity incident

article-image

Michael Traitov/Shutterstock modified by Blockworks

share

The US Securities and Exchange Commission is requiring public companies, including public crypto companies, to disclose cybersecurity incidents.

The new rule, adopted on Wednesday, aims to ensure that investors receive potentially “material” information when a company has been attacked. 

“Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information,” SEC Chair Gary Gensler said. 

Companies such as Coinbase, Marathon Holdings, Bitdeer and MicroStrategy will be impacted by the new SEC rules. 

“There has been a substantial rise in the prevalence of cybersecurity incidents, propelled by several factors: the increase in remote work spurred by the COVID-19 pandemic; the increasing reliance on third-party service providers for information technology services; and the rapid monetization of cyberattacks facilitated by ransomware, black markets for stolen data, and crypto-asset technology,” the SEC noted.

The SEC added that “evidence suggests” that companies are “underreporting cybersecurity risks.”

The new rule change will make it necessary for companies to give clear and specific information about any incidents that occur. This information will include details about when the incident happened, how it affected the company and its users, whether any data was stolen or accessed, and updates on whether the company has remediated the situation. All of this will be included in a new item, dubbed 1.05, included on 8K forms. 

Public companies will also have to “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previous cybersecurity incidents” on Regulation S-K. 

8K forms give investors updates on big changes at listed companies. 

The change comes as the SEC’s chief accountant warned that accounting firms working as auditors for the crypto industry need to be mindful of anti-fraud laws. 

SEC Commissioner Hester Peirce, who has shown support for crypto in the past, tweeted that “crypto platforms [and] their accountants should be clear about what proof of reserves is and isn’t,” but she warned against discouraging “good-faith efforts to provide more transparency.”


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates (2).png

Research

We’re bullish on the PUMP token. We believe Pump.fun's brand strength, existing integrations, product roadmap, and strategic levers justify PUMP's TGE valuation, and expect the token to re-rate meaningfully higher in the months ahead.

article-image

Big blockers wasted a bitcoin fortune trying to prove a point

article-image

Coinbase’s newest acquisition includes the CEO and Head of Research from Opyn

article-image

Crypto’s highest purpose might be to make markets better by making them bigger

article-image

The non-profit’s “Project Open” seeks to let stocks trade directly on Solana

article-image

The acquisition is Pump.fun’s first, and comes just days before its planned ICO

article-image

As Trump’s tariff war reignites, everyone is assuming the dollar will continue its path lower. But the journey might be bumpy