On February 20, the SEC approved a statement and interpretive guidance to assist public companies in preparing disclosure about cybersecurity risks and incidents. The guidance provides the SEC’s views about public companies’ disclosure obligations under existing law with respect to matters involving cybersecurity risk and incidents. Press release. Guidance.