The SEC has proposed rules to give investors a better view of how public companies are tackling risks around cybersecurity. Two separate reporting requirements create a third enforcement risk. Fulfilling two complicated reporting obligations can easily lead to inconsistent statements, which is its own risk, noted Financial Industry and Digital Currency & Blockchain partner Nick Losurdo in the Cybersecurity Law Report.