The US Securities and Exchange Commission (SEC) recently finalized regulations designed to improve transparency by requiring registrants to disclose details of material cybersecurity incidents and annually disclose material information regarding registrants’ cybersecurity risk management, strategy, and governance programs. The following FAQs (frequently asked questions) summarize the particulars and recommend next steps for covered organizations.