US SEC: Material cyber incidents disclosed within 4 business days of materiality determination - DORA: 4-hour initial notification for major incidents - UK: FCA notification "as soon as reasonably practicable" - NIST CSF 2.0 (2024): Identify, Protect, Detect, Respond, Recover, Govern — the US refere