Cyber incidents are among the fastest-growing existential threats to publicly traded companies. More than a technical headache, breaches can materially impact your bottom line—and the mere news of an incident can send stocks tumbling, even when the breach’s extent remains unclear to investors. That’s as a recent World Economic Form report noted that “29% of organizations reported that they had been materially affected by a cyber incident in the past 12 months.”

Investors—and now the Securities and Exchange Commission—increasingly want to know when a breach materially impacts a public company, and they now require more details about what companies are doing to prevent and respond to such incidents. Recently, the SEC adopted more specific rules related to annual 10-K disclosure, as well as rules for reporting material incidents on 8-K disclosures.