The Securities and Exchange Commission (SEC) adopted final rules requiring disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy, and governance in annual reports. Read more about SEC Registrant requirements in the Cybersecurity sub-chapter of The Gold Book.