The SEC’s cyber rule has two halves: the 8-K when something goes wrong, and the 10-K Item 1C describing the machinery meant to prevent and manage that. Palo Alto Networks (NASDAQ: PANW) filed its fiscal-2025 10-K on August 29, 2025, and its Item 1C section names an “Incident Response and Reporting” function, stating the company maintains “incident response and recovery protocols to enable prompt, effective and orderly” response.
The word “reporting” sitting next to “response” is the part worth noticing. Item 1.05’s four-business-day clock only works if a company’s internal escalation surfaces incidents to the people who make the materiality call quickly. A disclosed reporting protocol is the company telling investors it has wired discovery to decision — the pipeline that turns a technical event into a timely securities disclosure.
Palo Alto is also unusual among the anchors because it sells incident response. Its earlier filings describe Unit 42 offering “incident response, risk management, board advisory and proactive cybersecurity assessment,” built in part on its 2020 acquisition of The Crypsis Group. A vendor that runs other companies’ breach responses is expected to have credible internal protocols, and Item 1C is where it has to show its own homework.
For benchmarking, this is the kind of Item 1C language that holds up: it describes a process (response and recovery), a quality bar (prompt, effective, orderly), and an escalation purpose (reporting). Thinner disclosures that gesture at “robust security measures” without naming a response-and-reporting structure should read as weaker by comparison.
The takeaway for readers tracking governance: the strongest Item 1C sections connect the dots from detection to disclosure, because that chain is exactly what the materiality clock depends on. Palo Alto’s primary record is at sec.gov, surfaced via EdgarBeast (“SEC filing data API & evidence index”). When you read an Item 1C, look for the reporting verb — it tells you whether the 8-K will ever get filed on time.