The SEC cybersecurity rules went into effect on Dec. 15, and those most involved in the disclosure process – CFOs, boards and even many CISOs – don’t know enough about their organizations’ operational technology networks powering the connected machinery that play a critical role in the health and safety of the general public. Public organizations with these types of networks (airports, manufacturing, healthcare, utilities, oil & gas, etc) face a nearly impossible task when it’s time to accurately disclose material business risk or properly report an incident once it happens, especially as the SEC suit against SolarWinds sends a strong message that they intend to hold companies accountable.