ANALYSIS: 2024’s SEC Cybersecurity 8-Ks—Form Over Substance

Feb. 18, 2025, 10:00 AM UTC

The SEC’s cybersecurity incident reporting rule went into effect a year ago. Since then, there have been far fewer new filings than might have been expected given the increased risk of ransomware and cyberattacks in recent years. The few filings on record show that companies are quick to report an incident, yet fail to provide more than the bare minimum in the way of details.

Under the rule, public companies have had to disclose material cybersecurity incidents in Form 8-K filings using the new Item 1.05 since January 2024. Incidents are deemed material if there is a substantial likelihood that ...

Learn more about Bloomberg Law or Log In to keep reading:

Learn About Bloomberg Law

AI-powered legal analytics, workflow tools and premium legal & business news.

Already a subscriber?

Log in to keep reading or access research tools.