SEC official clarifies material incident reporting under new cyber rule
By 
Kyle Brasseur2024-05-22T16:35:00
The director of the Securities and Exchange Commission’s (SEC) Division of Corporation Finance issued a statement addressing early inconsistencies observed under the agency’s new cybersecurity incident disclosure rule.
Erik Gerding cautioned companies against using the new 8-K filing item under the rule (Item 1.05) meant for reporting incidents deemed to be material for disclosing matters that might be material or where materiality was already ruled out.
Instead, he advised companies use another item (e.g., Item 8.01) to share such updates in order to avoid the potential for investor confusion.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefSEC orders R.R. Donnelley to pay $2.1M over cyber-related control violations
A business communications and marketing services company agreed to pay more than $2 million to settle charges levied by the Securities and Exchange Commission over cybersecurity-related control violations.
-
News BriefSEC amends Reg S-P to require data breach notification within 30 days
The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
-
PremiumSurvey: Public companies fear added cyber risks from SEC disclosures
Large public companies say they are prepared to comply with the disclosure requirements of the SEC’s new cybersecurity incident rule, according to a survey conducted by Compliance Week and DLA Piper, but concerns exist that those reports could enhance the threat of future cyberattacks.
More from Regulatory Policy
-
ArticleCompliance told to focus on reality as Euro courts brace for slew of greenwashing cases
In 2025, the regulatory focus on greenwashing intensified globally. This trend is set to accelerate in 2026, and compliance has a key part to play in ensuring corporate statements are honest.
-
ArticleSFO guidance on evaluating compliance programs short on specifics, experts say
Companies looking for greater certainty about how they might avoid criminal prosecution for bribery, fraud, and corruption offences may find they’re going to be disappointed if they’re looking for definitive answers in the latest guidance from the U.K.’s main fraud investigator, say experts.
-
ArticleEU loosens AI and data rules
Europe has been at the forefront of designing strong—but flexible—rules around data use and the safe development of AI, but the EU recently announced plans to simplify some key measures around data privacy and AI governance, which have met with mixed responses.