The Securities and Exchange Commission (SEC) issued item 1.05 and item 106 specific to cybersecurity risks and disclosures in 2023 to increase transparency and provide investors with clear details on breaches and cybersecurity programs. As with any new regulatory guidance, it takes time to sort through the requirements and identify best practices. For this report, Forrester combed through 10-K and 8-K statements to identify common elements and challenges with existing disclosures to provide security leaders with data and best practices to meet SEC requirements.