The “forced disclosure” requirements companies face after a cyberattack may be a double-edged sword, alerting prospective victims of similar threats, all the while making the affected business vulnerable to additional attacks or SEC sanctions.