According to the breach reporting rules adopted in July, public companies must disclose material cybersecurity incidents under Item 1.05 of Form 8-K, which is titled 'Material Cybersecurity Incidents'. This is required when such incidents have a financial impact or affect investment decisions.
Erik Gerding stated that disclosing immaterial cybersecurity incidents or incidents without a materiality determination should be filled out under Item 8.01 of Form 8-K, to avoid confusion among investors.
While voluntary disclosures of cybersecurity incidents are valuable, they may lead to investor confusion and diminish the significance of reporting material cybersecurity incidents on Form 8-K.
The SEC aims to delineate between material and non-material cybersecurity incidents to ensure clarity in reporting and avoid diluting the importance of disclosing significant cybersecurity breaches.
Collection
[
|
...
]