Even before Russia’s invasion of Ukraine, cyberattacks had been on the rise, leading to provisions from regulatory bodies such as the mandatory disclosures of incidents to protect investors and alert other businesses alike.

Now, some attorneys and cybersecurity experts are asking if forced reporting of breaches and attacks at the level of detail that the U.S. Securities and Exchange Commission (SEC) mandates might actually be causing more harm than good, by inadvertently publicizing the sensitive cybersecurity policies of companies. Others wonder if the culture of communicating such breaches is just as important as safeguarding the highly liable details, and if so, can there be a balancing act between the two?