The SEC has required publicly traded companies to disclose material cybersecurity incidents they experience, material information regarding their cybersecurity risk management, strategy, and governance on an annual basis, and the cyber expertise of the organization’s management team.