There’s been a 12-fold increase in cyber security filings to the US Securities and Exchange Commission (SEC) in the first quarter of this year, following the introduction of new rules on data breach disclosures last December.
Analysis by security firm Panaseer found there were at least 1,327 annual 10-K filings mentioning the National Institute of Standards and Technology (NIST) – a key indicator that cyber security posture is present in a filing – between January and May this year.
This compares to just 110 during the same period in 2023 – a 12-fold increase – and 128 across the entire year. On current projections, Panaseer predicts there could be up to 2,600 such filings across 2024 – a more than 20 times increase.
The new regulation applies to listed enterprises, with two separate SEC reports that apply to cyber security.
The first is a 10-K filing, a comprehensive annual report of critical information including financial performance. Now, organizations must describe in detail their approach to cyber risk management, including cyber security strategy, board oversight, and management’s role in cyber governance.
The second is an 8-K filing, which is a report announcing…
