An Analysis of Section 1C Disclosures in Q1 of 2024

Late in 2023, the Securities and Exchange Commission (SEC) in the United States published Regulation S-K Item 106, which requires public companies to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats. Historically, companies were not required to disclose these processes to investors or market regulators, and there were no established guidelines for what a “good” 
disclosure would look like. Hyperproof reviewed disclosures from nearly 3,000 companies across over three hundred industries and have identified trends for what goes into a robust, meaningful disclosure.