SEC Cyber Disclosure

SEC Cyber Disclosure Tabletop Exercises for Item 1.05 Readiness

Public registrants must disclose material cybersecurity incidents within four business days. Breachday tabletop exercises rehearse the legal, finance, and communications decisions that start the clock, and document the evidence for Item 106 process disclosures and board oversight.

The compliance challenge

Since December 2023, SEC registrants must disclose material cybersecurity incidents on Form 8-K Item 1.05 within four business days of determining materiality. Annual 10-K disclosures under Reg S-K Item 106 require description of cyber risk management processes and board oversight.

The disclosure decision is not purely technical. Legal, finance, communications, and executive leadership must align on materiality, timing, and disclosure content — often under incomplete information and time pressure.

Teams that have never rehearsed this decision framework discover gaps during a real incident. Breachday materiality drills practice the exact workflow: Is this material? Who decides? When does the four-day clock start? Every decision is captured with timestamps for your disclosure readiness program.

What teams struggle with today

  • No documented practice of the legal/finance/comms materiality decision under time pressure
  • IR tabletops that stop at containment and never reach the disclosure decision point
  • Annual Item 106 disclosures describing a process that has never been exercised
  • Board and executive participation limited to policy review, not simulated disclosure decisions
  • No evidence trail showing management engagement in cyber incident response rehearsals

Reg S-K Item 106 · Form 8-K Item 1.05

How Breachday maps to SEC Cyber Disclosure

Specific control requirements and how each Breachday exercise produces evidence your assessor can review.

ControlRequirementHow Breachday satisfies it
Item 1.054-day material incident disclosure (Form 8-K)Materiality drills practice the legal/finance/comms decision call. Scenarios escalate to the point where your team must determine materiality, identify who has authority to decide, and document when the four-business-day clock would start.
Item 106(b)Cybersecurity risk management process disclosureDocumented exercise cadence demonstrates ongoing risk management. Saved exercise reports on Plus and Pro show a recurring tabletop program — evidence that supports the process descriptions in your annual 10-K Item 106 disclosure.
Item 106(c)Board oversight and management roleExercise reports with participant roster show management engagement. Including General Counsel, CFO, CISO, and executive seats in your drills demonstrates the cross-functional oversight Item 106 describes.
Materiality drillsDecision framework rehearsalPractice the exact decision framework: Is this material? Who decides? When does the clock start? Breachday captures vote tallies and attributed responses at each decision point so you can review how your team handled the call.

See which plan covers SEC Cyber Disclosure reporting· Learn about building scenarios

The audit packet

What your auditor receives

Every completed exercise generates a structured after-action report, produced as you run the session rather than written up after the fact.

  • Branded PDF after-action report with your organization logo
  • Inject-by-inject timeline with timestamps for every situation update, decision, and escalation
  • Vote tallies and freeform responses attributed by role seat
  • Findings grouped by severity with facilitator observations on each inject
  • SHA256 hash on exported reports for integrity verification
  • Participant roster with display names, role seats, and join/leave timestamps
  • Linked IT assets and BIA processes showing what was exercised
  • Lessons learned with owners, status, and due dates
  • Structured JSON export for GRC tools and audit repositories

04 — Workflow

How it works

A streamlined sequence from preparation to after-action report.

01

Design the scenario

Define the narrative, injects, and roles. Use our templates or build from scratch.

02

Start the exercise

Launch the room with one click and activate your scenario timeline for participants.

03

Join the room

Participants join from any device using a short room code, then pick their role seat.

04

Run your scenario

Deliver injects, capture votes and responses, and guide decisions in real time.

05

Review the report

Generate an after-action report with timeline events, decisions, and improvement takeaways.

Frequently asked questions

SEC Cyber Disclosure-specific questions from compliance and security teams.

How does a tabletop exercise help with SEC Item 1.05 readiness?

Item 1.05 requires disclosure within four business days of determining materiality. A Breachday materiality drill walks your team through a scenario that reaches the disclosure decision point — practicing who assesses materiality, who approves, and how you would document the determination date.

Should our General Counsel and CFO participate in SEC disclosure drills?

Yes. The disclosure decision involves legal materiality assessment, financial impact evaluation, and communications planning. Breachday role seats let GC, CFO, CISO, and Comms participate with attributed responses captured in the after-action report.

Can exercise reports support our Item 106 annual disclosure?

Item 106(b) asks you to describe your cyber risk management processes. Documented tabletop exercises demonstrate that you test and rehearse incident response — including disclosure readiness — on a recurring basis. Reports provide dated evidence of your exercise program.

What scenarios work for SEC disclosure drills?

Scenarios that escalate to potential material impact work well: ransomware with operational disruption, data breaches affecting customer records, and supply chain compromises with financial exposure. Breachday includes templates for these patterns, or you can build custom scenarios.

Which Breachday plan supports SEC disclosure programs?

Pro includes audit-ready reports explicitly designed for SEC disclosure readiness alongside SOC 2 and PCI DSS evidence. Enterprise adds custom crisis communication plans and organization-wide audit trails for regulated public companies. See pricing for plan comparison.

Is Breachday a substitute for SEC legal counsel on materiality?

No. Breachday helps you rehearse and document your response process. Materiality determinations require legal judgment that only your counsel can provide. Exercise reports demonstrate preparedness; they do not constitute legal advice on disclosure obligations.

Ready to run your first SEC disclosure tabletop?

Practice the Item 1.05 materiality decision with your legal, finance, and communications team. Book a demo to walk through a disclosure readiness scenario and the after-action report your board and counsel can review.

Breachday is not a substitute for legal or audit advice. Control mappings are guidance for compliance teams; your auditor has the final say.