SEC Staff Clarifies Form 8-K Item 1.05 is for Cybersecurity Incidents that are Determined to be Material

SEC Staff Clarifies Form 8-K Item 1.05 is for Cybersecurity Incidents that are Determined to be Material

Blog Keeping Current: Disclosure and Governance Developments

On May 21, 2024, Erik Gerding, Director of the SEC’s Division of Corporation Finance, issued a statement regarding the disclosure of cybersecurity incidents on Form 8-K. In his statement, Director Gerding encourages companies that voluntarily choose to disclose a cybersecurity incident that has not been determined to be material, or for which no materiality determination has yet been made, to make that disclosure using a Form 8-K item other than Item 1.05 (Material Cybersecurity Incidents). For example, companies may voluntarily provide the disclosure under Item 8.01 (Other Events). 

In his statement, Director Gerding emphasizes that, in light of the prevalence of cyber incidents, reserving disclosure under Item 1.05 for incidents that are material will help avoid investor confusion or misunderstanding as to the severity of incidents, as well as reduce the risk of dilution of the value of disclosures made under Item 1.05.

Director Gerding also notes that the statement is not intended to discourage companies from voluntarily disclosing cybersecurity incidents and reiterates that the materiality assessment of an incident should look not only at the financial impacts of the incident but also qualitative factors. Director Gerding refers to a number of examples of qualitative considerations that were contained in the Item 1.05 adopting release, such as reputational or competitive harm, customer or vendor relationships, as well as the possibility of litigation or regulatory actions.

Finally, the statement provides helpful clarification for situations where an incident is disclosed voluntarily, for example under Item 8.01, but then later is determined to be material. In that circumstance, companies must file an Item 1.05 8-K within four business days of their materiality determination. While this Item 1.05 8-K may refer to the original Item 8.01 8-K, it must include all of the disclosures required by Item 1.05.

Director Gerding’s statement clarifies the SEC staff’s views on the appropriate use of Item 1.05 of Form 8-K in light of the uncertainty and varied practice that has developed since the Item’s adoption.

Authors

More from this series

Notice

Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link.(The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

Thank you for your interest in WilmerHale.