The Securities and Exchange Commission is advancing measures that would require publicly owned companies to disclose more information about their cybersecurity vulnerabilities, including data breaches.