Public companies in the United States, including listed crypto firms, will be required to disclose any major cybersecurity incidents within a four-day time limit under new rules adopted by the United States securities regulator.