In response to security breaches at companies including Equifax, Target and Yahoo over the past few years, the SEC issued interpretive guidance on issuers' cybersecurity disclosures in February 2018.
The SEC's guidance sets the expectation that boards should actively engage in cybersecurity issues, stating that companies are expected "to disclose cybersecurity risks and incidents that are material to investors." The SEC has not, however, instituted any direct measure to compel companies to reveal the nature and the scope of such cybersecurity breach if one takes place. A major difficulty in cybersecurity disclosures lies in setting the standard for when information must be disclosed.
For more information, see here.