The SEC’s Division of Corporation Finance today published five new Compliance and Disclosure Interpretations, or “C&DIs,” all concerning Item 1.05 of Exchange Act Form 8-K, Disclosure of Cybersecurity Incidents.

New C&DI 104B.05 describes a ransomware attack on a public company ended by a payment to the threat actor before any materiality evaluation of the incident.