Companies that voluntarily report cybersecurity breaches should rely on a separate regulatory filing to distinguish them from new mandatory disclosures of significant attacks, according to staff guidance the SEC issued on Tuesday.
Only breaches that companies determine to materially alter their financial results or that they expect investors would deem significant should rely on a special type of filing that’s dedicated to reporting “material cybersecurity incidents.” That form is known as 8-K Item 1.05, according to the statement from Securities and Exchange Commission staff.
- Any voluntary reporting of immaterial breaches could be disclosed using a different type of 8-K for ...
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.