In late February, the SEC approved what it labeled “Guidance on Public Company Cybersecurity Disclosures.” And, sure enough, about three-quarters of its 24 pages focus on the various categories and locations of cybersecurity risk and incident disclosure obligations, as well as materiality determinations. Because the SEC’s much-anticipated guidance appeared right in the thick of calendar-year … Continue Reading