The cybersecurity industry is facing increasing legal oversight and consequences, making it riskier to work in this field. Companies are now required to disclose “material” security incidents within four working days to the SEC.