While assessing the materiality of a cybersecurity incident, public companies should consider whether to proactively report the incident to the SEC in advance of any public disclosure and whether to ...