SEC proposes four-day rule for public companies to report cyberattacks