The US Securities and Exchange Commission (SEC) wants to clarify guidelines for public companies regarding the disclosure of ransomware and other cybersecurity incidents.
According to the breach reporting rules the federal agency adopted in July, public companies must disclose material events under Item 1.05 of Form 8-K. This is the form the SEC requires public companies to submit when they announce big changes that may be material to shareholders.
It means that should a publicly traded company experience a “material” cybersecurity intrusion – one that has a financial impact on the company’s operations, or that an investor would want to know before making an investment decision – they need to publicly report it under Item 1.05. In fact, Item 1.05 is titled “Material Cybersecurity Incidents.”
