The SEC recently rolled out new cybersecurity disclosure rules and noted that materiality depends on the “impact to the registrant”.