The SEC Cyber Rule requires public companies to report “material” cyber incidents in the newly established Item 1.05 in Form 8-K. The SEC adopted the rule last year in light of the increase in corporate cyberattacks.
Since the rule’s enactment, however, companies have largely reported cyber incidents that aren’t necessarily material. As a result, the SEC in May issued a clarifying statement on proper disclosure procedure.
Reporting under Item 1.05 should be reserved for material cyber incidents, while any other voluntary disclosure of a cyber incident—regardless of its materiality—should fall under Item 8.01 (Other Events), the SEC said.
Prior ...
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.