Regulated Industries

SEC cyber disclosure, before the materiality call.

The 2023 SEC rules require Item 1.05 incident disclosure within four business days of a materiality determination, and Item 106 annual governance disclosure. We help public companies and pre-IPO orgs prepare for both.

Schedule SEC readiness call

Items covered: 1.05 · 106
Audience: Public + pre-IPO
Materiality: Framework built
Cadence: Annual + ad-hoc

What's included

Materiality framework

A documented framework for making the materiality call quickly under pressure. Reviewed by legal.

Item 1.05 playbook

Four-day clock workflow with cross-functional roles defined (security, legal, comms, IR, board).

Item 106 disclosure authoring

Annual 10-K disclosure on cybersecurity governance, risk management, and material risks.

Board cybersecurity briefing program

Quarterly briefings designed for board-fiduciary needs, not security-team comfort.

Risk-factor language review

10-K risk factor language reviewed for accuracy and defensibility.

Tabletop with executives + GC

Materiality-call tabletop run with C-suite and General Counsel.

How it works

Engagement lifecycle

01
Weeks 1–4
Framework + playbook
Materiality framework, Item 1.05 playbook, roles defined.
02
Weeks 4–8
Item 106 + risk factors
Annual disclosure drafted; risk-factor language reviewed.
03
Month 3
Tabletop
Materiality-call tabletop with C-suite and GC.
04
Annual
Refresh
Disclosures refreshed for the next 10-K cycle.

Outcomes

What you walk away with

Documented materiality framework signed off by legal
Four-day Item 1.05 playbook with cross-functional roles
Item 106 disclosure language reviewed and drafted
Board cybersecurity briefing cadence operating
Risk-factor language defensible
Tabletop-tested executive muscle memory

IR Retainer

Item 1.05 needs IR-readiness underneath.

Tabletop Exercises

Materiality-call tabletop is a specialized variant.

vCISO Services

vCISO often owns SEC-disclosure program for public clients.