After a year of wrangling and adjustments, the U.S. Securities and Exchange Commission (SEC) implemented a new requirement for publicly traded companies. The requirement is for public companies to disclose hacking incidents within four days of the incident.

This signals the SEC’s focus on hardening the U.S. financial system against data breaches, accordi…