Item 1.05 and Item 8.01 are both lines on Form 8-K, but they answer different questions, and the SEC has been explicit that companies should not blur them. Item 1.05, "Material Cybersecurity Incidents," is the mandatory disclosure created by the Commission's 2023 cybersecurity rule for an incident a registrant has determined to be material. Item 8.01, "Other Events," is a long-standing catch-all a company may use voluntarily to disclose any event it deems of importance to security holders. The distinction matters because, after the rule took effect, some companies began filing cyber incidents under Item 1.05 before they had concluded the incident was material — which is precisely the use the SEC's Division of Corporation Finance moved to discourage.

In a May 21, 2024 statement, Erik Gerding, then Director of the Division of Corporation Finance, laid out the dividing line directly.

"If a company chooses to disclose a cybersecurity incident for which it has not yet made a materiality determination, or a cybersecurity incident that the company determined was not material, the Division of Corporation Finance encourages the company to disclose that cybersecurity incident under a different item of Form 8-K (for example, Item 8.01)."— SEC Division of Corporation Finance, source

The reasoning the statement gives is rooted in the text of the rule. Although Item 1.05 does not expressly prohibit voluntary filings, the item was added to Form 8-K to require disclosure of a cybersecurity incident "that is determined by the registrant to be material," and the item is titled "Material Cybersecurity Incidents." The Division noted that in adopting Item 1.05, the Commission stated that "Item 1.05 is not a voluntary disclosure, and it is by definition material because it is not triggered until the company determines the materiality of an incident." Filing an immaterial or not-yet-assessed incident under Item 1.05, the Division warned, could be confusing for investors, who might read the choice of item as a signal that the company had found the incident material when it had not.

What the item choice signals to a reader

For anyone reading EDGAR, this guidance turns the item number itself into information. An Item 1.05 filing carries an embedded assertion: the company has determined this incident is material in the securities-law sense. An Item 8.01 filing about a cyber event carries the opposite signal — the company is informing the market about an incident it has either not yet found material or affirmatively concluded is not material. The two filings can describe operationally similar events; what differs is the materiality posture the registrant has taken, and the SEC has built the form so that the chosen item discloses that posture.

This also clarifies a sequence that shows up in real disclosure trails. A company that learns of an incident before completing its materiality analysis may file an Item 8.01 8-K first to inform investors, then file an Item 1.05 8-K later if and when it determines the incident is material — or never escalate to 1.05 if it concludes the incident is not material. The mechanics of Item 1.05 reinforce this: the four-business-day clock runs from the materiality determination, not from discovery, so an early voluntary disclosure under Item 8.01 does not start the 1.05 clock.

That sequencing is more than theoretical. In the period after the rule took effect, the Division observed companies filing cyber incidents under Item 1.05 before they had completed — or sometimes even begun — a materiality analysis, apparently treating 1.05 as the default home for any cyber 8-K. The May 2024 statement was a course correction: it preserved companies' ability to disclose voluntarily, which the SEC encourages, while steering immaterial and not-yet-assessed disclosures to Item 8.01 so the 1.05 label retains its meaning. The Division was careful to note that Item 1.05 does not expressly prohibit a voluntary filing; its concern is the signal such a filing sends, not a textual bar.

The materiality posture also matters because it ties the cyber 8-K to the rest of the SEC's framework. An Item 1.05 filing represents a completed materiality judgment of the kind that, in aggregate, feeds the annual cybersecurity picture investors assemble from a company's 10-K Item 1C and its risk factors. An Item 8.01 cyber disclosure makes no such representation. Keeping the two straight is therefore not pedantry about form numbers — it is what lets a reader of the filing record distinguish "the company concluded this breach was material" from "the company is keeping the market informed about an incident it has not found material."

Why the distinction is load-bearing

The practical stakes of choosing the right item are about accuracy of signal rather than a difference in penalty for the disclosure itself. Item 1.05 sits within the SEC's framework alongside Regulation S-K Item 106 and the 10-K's Item 1C cybersecurity section, all of which key off materiality. Mislabeling an immaterial incident as a material one — or vice versa — distorts the picture investors and the market build from the filing record. The Division's guidance is not a prohibition on telling investors about cyber events; it is the opposite, an encouragement to disclose voluntarily where a company wants to, but to do so under the item that accurately reflects the company's materiality call.

The takeaway for reading the filing record is precise: when you see a cybersecurity 8-K, check the item. Item 1.05 means the company determined the incident is material and is on the four-day clock. Item 8.01 means the disclosure is voluntary and the company has not represented the incident as material under that item. The controlling source for the distinction is the Division of Corporation Finance statement, read together with the Commission's own description of Item 1.05 as "not a voluntary disclosure" — both of which are quoted from the SEC's own record.