On June 24, 2024, the U.S. Securities and Exchange Commission (SEC) published five new Form 8-K Compliance and Disclosure Interpretations (C&DIs) expanding the agency’s interpretations of cybersecurity incident disclosures pursuant to Item 1.05 of Form 8-K. In July 2023, the SEC adopted final rules with respect to cybersecurity incidents that generally require public companies to disclose (i) material cybersecurity incidents within four business days after determining the incident was material and (ii) material information regarding their cybersecurity risk management, strategy and governance on an annual basis. We wrote about the final cybersecurity disclosure rules here.