It's not just customers that need to know about data breaches — it's investors too.

The Securities and Exchange Commission has asked public companies to disclose any cyber-attacks that could lead to a financial loss, Reuters reported Thursday.

State laws already require companies to disclose breaches to customers that might be affected. For example, a company that exposes credit card numbers must tell the cardholders so that they are aware of the potential for fraud on those accounts.

The SEC's instructions ask companies to report "estimates of warranty liability, allowances for product returns, capitalized software costs, inventory, litigation, and deferred revenue," according to a document on its website.

These instructions go beyond breaches of financial data. A breach of intellectual property could also require a disclosure, for example.