The SEC Cyber Rule requires public companies to report “material” cyber incidents in the newly established Item 1.05 in Form 8-K. The SEC adopted the rule last year in light of the increase in corporate cyberattacks.
Since the rule’s enactment, however, companies have largely reported cyber incidents that aren’t necessarily material. As a result, the SEC in May issued a clarifying statement on proper disclosure procedure.
Reporting under Item 1.05 should be reserved for material cyber incidents, while any other voluntary disclosure of a cyber incident—regardless of its materiality—should fall under Item 8.01 (Other Events), the SEC said.
Prior ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.