The U.S. Securities and Exchange Commission (SEC) has implemented new rules requiring public organizations to disclose material cybersecurity incidents and detail their cybersecurity risk management, strategies, and governance, effective December 15, 2023. These organizations must report material incidents on a Form 8-K within four days of determining their materiality and describe the incidents' nature, scope, timing, and impact, though they are not required to disclose remediation status or data compromise details. The rules also extend to incidents involving third-party systems, emphasizing the importance of defining "materiality" within the organization. To comply, organizations should adopt best practices such as continuous monitoring, proactive threat hunting, and improving security feedback loops, while C-level executives and boards must educate themselves on cybersecurity and the mandate's implications. Security operations teams should enhance monitoring, training, and documentation to prepare for the mandate, leveraging AI-powered observability platforms to better manage risk and prevent material events.