The SEC has issued new sec 10-K cybersecurity disclosure rules for public companies. These rules focus on informing shareholders about material cyber risks without revealing sensitive security details. Key requirements include disclosing cyber risk programs, third-party engagements, oversight of third-party cyber risks, and any significant cyber incidents affecting operations or finances. Additionally, governance and management roles in cyber risk oversight must be detailed. While certain aspects like policies and incident management aren't mandated, companies must ensure comprehensive and accurate reporting to comply with these rules.