Reporting on cyber incidents in companies misses its target

The SEC’s Cyber Rule requires publicly traded companies to report “material” cyber incidents in the newly created Item 1.05 of Form 8-K. The SEC introduced the rule last year in response to the increasing number of cyber attacks on companies.

However, since the rule went into effect, companies have mostly reported cyber incidents that are not necessarily significant, which is why the SEC issued a clarification on the proper disclosure process in May.

Reporting under Item 1.05 should be reserved for material cyber incidents, while any other voluntary disclosure of a cyber incident – regardless of its materiality – should fall under Item 8.01 (Other Events), the SEC said.

Before …

Related Posts

Following a police investigation in Chazy, three men were arrested for cocaine possession

Australia’s consent campaign is praised but not enough to curb sexual violence

Farmer’s daughter accused of raping man and beating him to death