[Material-Incidents] No. 4

published on 2024-04-12 13:19:47 UTC by Matt Maloney

Hey Everyone,

It was a slow week for Material Incident filings with only one new filing for B. Riley Financial, Inc. If you’ve been following along, many of these filings can leave a lot to be desired from a details perspective. This week I’ve tried to pull in some other data to supplement the incident filings and started looking at annual 10K filings. Similar to the new 8-K filing requirement (material incident disclosure) from the SEC, public companies now have to make annual disclosures pertaining to cybersecurity risk management and strategy in their 10K filings (Item 1C.). This week, I read the 10Ks filed for companies who have also filed a material incident, so you don’t have to.

Key Takeaways:

  • Of the 12 companies to have filed material incidents, 5 have filed a 10K with Item 1C (Cybersecurity disclosure)

  • All five mention the leader of their security program (CISO, CIO, Chief Risk Officer, Chief Digital Officer) and go into details on their leaders respective background and qualifications

  • All five 10Ks were filed after their respective material incident filings but only three reference those incidents directly (1, 2, 3)

  • Two mention using the NIST cybersecurity framework for managing risk (1, 2)

  • One 10K added some additional details to their material incident filing which highlighted missing earnings this past fourth quarter

Missed earnings is a first for material incidents and not something that was originally mentioned in the 8K (only a loss of revenue mentioned). Diving into the 10K filings proved interesting, I’ll keep using them as a resource.

This Weeks Filings

B. Riley Financial, Inc. 8K, April 8, 2024
B. Riley Financial filed their material incident with the SEC this past Monday. A subsidiary of the financial services company (and somewhat recent acquisition), Targus International, discovered a threat actor had gained unauthorized access to “certain Targus’ file sytems”. Upon discovery, Targus brought in external security counsel and consultants to help contain and remediate the incident. The filing mentions, some of the proactive containment measures taken resulted in a temporary service disruption to the companies business operations. Targus is working with relevant regulatory authorities and law enforcement on the incident but no specifics on numbers of records or impact were disclosed.

Thanks for reading!
Matt


Powered by beehiiv