Recommended: Listen to this story (09:09 - 10:42):

The Story: In preparation for the SEC’s new rules about cyber attack disclosures, public companies are already complying with the rules months before they’re forced to.

Back in July, the SEC announced new rules concerning cyber attacks against businesses that will go into effect in December. If a business experiences an attack, it must report any information known via an 8-K Form within four days of the incident. When the SEC’s rule was first announced, it was met with pushback from companies who worried that sharing they were the victim of a cyber attack would send a negative signal to the market.

Chief information officers were also worried that the new rules would allow the SEC to hold them liable for such cyber attacks, according to Nick Sanna, the president of Safe Security and co-founder of the FAIR Institute.

Lisa Plaggemier, executive director of the National Cybersecurity Alliance, also fears that companies will have a more difficult time disclosing cyber attacks to customers and LPs now. Plaggemier tells Axios that “There was a time just four or five years ago that companies were even afraid to talk about cybersecurity to their customers because it had so many negative connotations.”

Some notable recent cyber attacks include breaches at Okta and several Vegas casinos including Caesars Entertainment hotels and casinos. In the case of Okta, the hack caused the company’s stock to plummet by 12%, resulting in a $2 billion market cap loss for the identity and access management company.

As public companies continue to comply with the SEC’s new disclosure rules months before they are required to, other businesses are benefiting from the preview offered to them. According to Axios’s Sam Sabin, they have a good idea now of “what to expect from regulators, shareholders and consumers when they report their own material cyber incidents.”

*Stay informed about the three biggest stories in venture capital and tech news every weekday morning. 2-min reads only.