The SEC is now demanding more information about breaches and known risks in companies, according to their newest guidance. They are also stating that stock trading is forbidden for companies executives with known vulnerabilities in their organization.
This is pretty big move, and could signal a move toward government-mandated compliance, similar to PCI/HIPAA/SOX, etc.
Read more here:
http://www.darkreading.com/endpoint/privacy/sec-companies-must-disclose-more-info-on-cybersecurity-attacks-and-risks/d/d-id/1331109