Whether or not this makes a difference is another story. Although Democrats at the SEC supported the guidance, they argued that the real solution would be tougher rules requiring better disclosures and improved security standards. The guidance may formalize SEC interpretations that haven't always been made public, but it doesn't change those laws to keep pace with modern cybercrime. It's not uncommon for companies to downplay or cover up incidents, but they won't necessarily face serious repercussions for their actions.

If nothing else, though, this is a shot across the bow. It's a reminder that companies shouldn't sit on news of a breach, jeopardizing the data of their customers for the sake of profit. If companies honor the guidelines (and that's a big "if,") you may understand the true severity of a breach and have a better chance at mitigating the damage.