Item 1.05 of Form 8-K is the line item the SEC created for one specific event: a public company concluding that a cybersecurity incident it experienced is material. It was added by the Commission's final rule on cybersecurity risk management, strategy, governance, and incident disclosure, Release No. 33-11216, adopted July 26, 2023, with compliance for the 8-K requirement beginning in December 2023 for most registrants. The rule states the obligation plainly: registrants must disclose any cybersecurity incident they experience that is determined to be material, and describe the material aspects of its nature, scope, and timing, and its impact or reasonably likely impact.

The single most-misread feature of Item 1.05 is the clock. The four-business-day deadline does not start when a company detects unauthorized activity, when a threat actor posts a claim, or when remediation begins. It starts when the registrant determines the incident is material. The rule directs that a registrant make that materiality determination "without unreasonable delay" after discovery, but the disclosure trigger itself is the determination. That two-step structure — discovery, then a materiality determination, then four business days to file — is why disclosure dates and incident dates in real filings rarely line up.

"An Item 1.05 Form 8-K must be filed within four business days of determining an incident was material. A registrant may delay filing as described below, if the United States Attorney General (“Attorney General”) determines immediate disclosure would pose a substantial risk to national security or public safety."— SEC Release No. 33-11216, source

What must the filing actually say? The rule frames the content around the incident's material aspects. The registrant describes the nature, scope, and timing of the incident, and its impact or reasonably likely impact on the company, including its financial condition and results of operations. The rule does not require a company to publish technical specifics that would impede its response or remediation — it does not call for a play-by-play of the intrusion. It requires the material aspects, in the company's own words, as a current report investors can act on.

What "material" means here

Item 1.05 borrows its materiality standard from existing securities law rather than inventing a new one. In Release No. 33-11216 the Commission affirmed that the materiality standard for Item 1.05 is consistent with the standard set out in the long line of securities-law cases addressing materiality, including TSC Industries, Inc. v. Northway, Inc., Basic, Inc. v. Levinson, and Matrixx Initiatives, Inc. v. Siracusano, and with Securities Act Rule 405 and Exchange Act Rule 12b-2. Under that standard, information is material if there is a substantial likelihood that a reasonable shareholder would consider it important in making an investment decision, or if it would have significantly altered the total mix of information available. The Commission added that doubts as to the critical nature of the relevant information should be resolved in favor of investors.

That framing carries two consequences a reader of a filing should keep in mind. First, materiality is not a fixed dollar threshold; it is a qualitative judgment about what a reasonable investor would weigh. A breach with modest direct cost can still be material if it bears on reputation, customer trust, or operations. Second, because the trigger is the company's own determination, the filing reflects what the registrant decided, and when — which is why the breach-disclosure beat reads the timing of an Item 1.05 as carefully as its substance.

The narrow exception, and the amendment duty

The rule provides one delay mechanism. A registrant may delay filing the Item 1.05 8-K only if the United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety, and notifies the Commission of that determination in writing. Absent that determination, the four-business-day clock controls.

Item 1.05 is also not a one-and-done filing. The rule requires registrants to amend a prior Item 1.05 Form 8-K to disclose any information called for in Item 1.05(a) that was not determined or was unavailable at the time of the initial filing. In practice this means an initial 8-K filed shortly after a materiality determination — when scope and impact are still being assessed — is often followed by an 8-K/A once the company can describe the impact more completely. Reading the amendment alongside the original is the only way to see the full disclosure arc of an incident.

The amendment duty also changes how a single incident reads over time. An initial Item 1.05 filing is a snapshot taken on a four-day deadline, often before the company has completed its investigation. The rule anticipates this by requiring the 8-K/A once previously unavailable Item 1.05(a) information is determined. In practice that means the first filing tends to describe the nature and timing of the incident and the company's response, while the impact — the line investors care most about — frequently arrives or sharpens in a later amendment. Treating the initial 8-K as the whole story is a misread the rule's structure is built to prevent; the disclosure is the original plus its amendments.

How Item 1.05 fits the broader rule

The companion provision worth knowing is Regulation S-K Item 106, which sits in the annual 10-K rather than the 8-K and covers cybersecurity risk management, strategy, and governance — including the requirement to describe the board's oversight of cybersecurity risks and management's role in assessing and managing them. Item 1.05 captures the discrete, material event; Item 106 (surfaced in the 10-K as Item 1C) captures the standing program. The rule also reaches beyond domestic registrants: foreign private issuers face parallel governance disclosure through Form 20-F and furnish material cybersecurity incident information on Form 6-K, so the disclosure framework is not limited to U.S.-domiciled filers. Together these provisions are the SEC's framework for telling investors both what happened and how the company is set up to manage what could happen next. The primary citation for any Item 1.05 question is the rule text itself, where the four-day clock, the materiality standard, and the amendment duty are all stated in the Commission's own words.