The director of the Securities and Exchange Commission’s (SEC) Division of Corporation Finance issued a statement addressing early inconsistencies observed under the agency’s new cybersecurity incident disclosure rule.

Erik Gerding cautioned companies against using the new 8-K filing item under the rule (Item 1.05) meant for reporting incidents deemed to be material for disclosing matters that might be material or where materiality was already ruled out.

Instead, he advised companies use another item (e.g., Item 8.01) to share such updates in order to avoid the potential for investor confusion.