SEC eyes more expansive cybersecurity requirements