Item 1.05 cybersecurity

The 8-K item for disclosing material cybersecurity incidents, in effect since SEC's 2023 rule.

Definition

Item 1.05 of Form 8-K requires a public company to disclose any cybersecurity incident it has determined to be material, within four business days of that determination. The disclosure must describe the nature, scope, timing, and impact (or reasonably likely impact) of the incident.

Some filers misclassify cybersecurity incidents under Item 8.01 'Other Events' to delay or downplay the disclosure. Parsing the body text for keywords like 'ransomware', 'unauthorized access', and 'threat actor' surfaces these buried disclosures.

Related terms

8-K filing
Item 8.01 other events
Buried events

Try it on your stack

Get an API key in 2 minutes. Self-serve via Stripe, cancel anytime.

View pricing → Read API docs