The Financial Post reports in its Friday edition that companies hit by cyberattacks face a four-day deadline for publicly disclosing significant impact under controversial new rules approved July 26 by the U.S. Securities and Exchange Commission. A Bloomberg dispatch to the Post says that the rules have been vigorously contested by trade organizations and businesses. The markets regulator's disclosure rules are its latest effort to boost transparency into cyberthreats after years of relentless attacks against businesses from both criminal gangs and hackers backed by nation states. They also seek to address gaps in existing cybersecurity disclosures. Publicly traded companies currently rely on SEC guidelines for when to address cyber risks and incidents that are considered relevant for investors. That has created a hodgepodge of cyber-incident reporting. Companies that report incidents provide different amounts of detail about the impact and their response to it. Some incidents are not reported in a timely manner, while others are not disclosed at all. Business groups pushed for a delay clause, arguing that prematurely making a cybersecurity vulnerability or incident public could impede a law enforcement investigation.