A US law that requires publicly-traded companies to report on material risks enforced by the Securities and Exchange Commission (SEC). The SEC has increased its attention toward cybersecurity risks, including issuing a rule that material incidents must be disclosed within 4 business days.