Public companies confronting a cybersecurity attack should ready themselves for the arrival of a new party stepping into the breach—the U.S. Securities & Exchange Commission.