Can you imagine how much damage can be done in 4 days though? Also, 4 business days is quite different from 96 hours which would still be quite long in terms of cyber attacks.

Large companies get attacked so often that the sheer volume of reports is going to make main stream media stop paying attention.

Wonder if this applies retroactively. If a company is currently sitting on a breach they’ve known about for… some time, are they on the hook?

If they cared the new rule would be that the company breached has to compensate their customers for the breach. Make it a million dollars or so.