{"id":54191,"date":"2023-10-18T21:41:00","date_gmt":"2023-10-18T21:41:00","guid":{"rendered":"https:\/\/www.darkreading.com\/edge\/what-cisos-should-exclude-from-sec-cybersecurity-filings"},"modified":"2023-10-18T21:41:00","modified_gmt":"2023-10-18T21:41:00","slug":"what-cisos-should-exclude-from-sec-cybersecurity-filings","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/","title":{"rendered":"What CISOs Should Exclude From SEC Cybersecurity Filings"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltd684486780832c02\/653050ad18f49499a94e5635\/secflag-Maxim_Ermolenko-alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>As enterprises continue to weigh which security incidents constitute something material enough to be reported under the new <a href=\"https:\/\/www.darkreading.com\/edge\/do-cisos-have-to-report-security-flaws-to-the-sec\" target=\"_blank\" rel=\"noopener\">SEC rules<\/a>, CISOs face the challenge of deciding what details to report and, far more critically, which ones to omit.<\/p>\n<p>&#8220;This [SEC] rule puts CISOs in a very delicate position, and they are <em>not<\/em> being given a lot of guidance or direction,&#8221; says Merritt Maxim, a Forrester VP and research director. &#8220;You know you&#8217;ve been compromised, but you don&#8217;t have all the facts on day one.&#8221;<\/p>\n<p>In the case of a <a href=\"https:\/\/www.darkreading.com\/edge\/do-cisos-have-to-report-security-flaws-to-the-sec\" target=\"_blank\" rel=\"noopener\">material incident<\/a>, the CISO, along with the security operations center, would have to prepare a memo with all of the incident details and send it to investor relations and legal. Once those departments have reviewed it, the memo would be used to prepare the filing for the Securities and Exchange Commission.<\/p>\n<p>Although the new SEC rules take effect Dec. 18, there are already <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/mgm-caesars-sec-disclosures-cybersecurity-incidents\" target=\"_blank\" rel=\"noopener\">disclosures<\/a> from three enterprises that CISOs can look at to get an idea of how to comply with the new rules: <a href=\"https:\/\/investor.caesars.com\/static-files\/0bc13ee5-34a9-402e-8e7a-824b9dba4e57\" target=\"_blank\" rel=\"noopener\">Caesars<\/a>, <a href=\"https:\/\/d18rn0p25nwr6d.cloudfront.net\/CIK-0000789570\/a390c443-0c40-4025-aba2-74505ab3c9e3.pdf\" target=\"_blank\" rel=\"noopener\">MGM<\/a>, and two <a href=\"https:\/\/d18rn0p25nwr6d.cloudfront.net\/CIK-0000021076\/ae1fd2f2-142b-4a99-bed8-e7bfeb8a2bb7.pdf\" target=\"_blank\" rel=\"noopener\">filings<\/a> from <a href=\"https:\/\/d18rn0p25nwr6d.cloudfront.net\/CIK-0000021076\/3d803501-0492-4c96-9404-1fba3202c4ed.pdf\" target=\"_blank\" rel=\"noopener\">Clorox<\/a>.<\/p>\n<p>Since the filings deal with very different incidents, it makes sense that the information contained are also very different. However, the filings are consistent in that they focus on what is known and avoid speculations and predictions. The filings also do not share any details that are likely to change.<\/p>\n<h2 class=\"regular-text\">Competing Obligations<\/h2>\n<p>There are three competing objectives that CISOs are simultaneously juggling:<\/p>\n<ul>\n<li><strong>Report as much as you can.<\/strong> Legally, the goal is to share as much information as possible with investors and potential investors.<\/li>\n<li><strong>Report as little as you can.<\/strong> From a cybersecurity perspective, the goal is to tell potential attackers as little about your threat landscape and your defenses as possible, especially when the attack has not yet been fully contained.<\/li>\n<li><strong>Report only what you are confident about.<\/strong> Most initial details are wrong, and reports are repeatedly updated as the days, weeks, and months go by. That raises a thorny question: Is the enterprise obligated to disclose information that they consider to be \u2014 initially, at least \u2014 of very low reliability?<\/li>\n<\/ul>\n<p>&#8220;Only report what you know by 80-90% certainty,&#8221; says Dirk Hodgson, CISO of NTT Australia. &#8220;A few days into an incident, you are simply not going to know a great deal. You still are likely not even close to the point of having surveyed your entire global environment.&#8221;<\/p>\n<p>Douglas Brush, a special master with the US federal courts and the chief visionary officer for Accel Consulting, stresses that choosing which security incident details are material can be challenging. It&#8217;s one thing to conclude that the incident is material, he says, but selecting which specifics details are relevant and meaningful for the investing public is quite different.<\/p>\n<p>&#8220;Most enterprises have no idea what impact cyber operations will eventually have on their businesses,&#8221; Brush says.<\/p>\n<p>Phil Neray, vice president of cyber defense strategy for Gem Security, says that Clorox&#8217;s SEC filings illustrate this &#8220;report what you are confident about&#8221; point well. He says they &#8220;properly walked a fine line between saying what they knew and making basic estimates about how long it would take to restore operations.&#8221;<\/p>\n<p>Disclosures should be kept simple and to the facts, agrees Rex Booth, CISO of Sailpoint. &#8220;Keep it at a super summary level,&#8221; he says. &#8220;Things that are tangible and measurable: which operations were interrupted, which systems were compromised. Talk about observed impact and not causation. And say that &#8216;we will continue to investigate with outside entities.'&#8221;<\/p>\n<h2 class=\"regular-text\">What You Don&#8217;t Have to Say<\/h2>\n<p>Another important element is whether the information is truly going to be of any actionable value to shareholders and potential investors. The value of revealing a specific vulnerability needs to be balanced against the potential of providing attackers with more information they can use against you, Booth advises.<\/p>\n<p>CISOs must also be aware of what details are already public. In the Caesars and MGM incidents, for example, there was more information available via social media than from the filings, such as the fact that guests staying at the two casinos were <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/mgm-resorts-cyberattack-hobbles-las-vegas-strip-operations\" target=\"_blank\" rel=\"noopener\">unable to get into their rooms<\/a>. That&#8217;s the kind of detail you can&#8217;t keep a secret, even if you want to.<\/p>\n<p>While it makes sense to report only confirmed things, that advice may not necessarily always be the right call. &#8220;On the one hand, you do have to make a judgment on the material of the information,&#8221; says Naj Adib, a risk and financial principal for cyber and strategic risk at Deloitte. &#8220;But your obligation is to disclose.&#8221;<\/p>\n<p>CISOs should separate what happened from what the organization is going to do about it, Adib says. &#8220;There is no requirement to go out and discuss remediation,&#8221; he adds.<\/p>\n<h2 class=\"regular-text\">Higher Profile for Breaches<\/h2>\n<p>From a practical perspective, nothing has changed regarding <em>what<\/em> has to be reported, as the SEC has always required every publicly held company to report anything material to the SEC. The change is about timing \u2014 <a href=\"https:\/\/www.darkreading.com\/edge\/sec-adopts-new-rule-on-cybersecurity-incident-disclosure-requirements\" target=\"_blank\" rel=\"noopener\">within four days<\/a> \u2014 and the emphasis being placed on the disclosures. The fact that the SEC now has a document dedicated just to reporting cybersecurity incidents will bring incidents front-and-center with every board of directors and, therefore, with every CEO and CFO.<\/p>\n<p>&#8220;This will lead to far more internal attention. This is no longer a line buried in hundreds of thousands of lines in a 10K,&#8221; Booth says.<\/p>\n<p>CISOs should also bring corporate counsel or outside legal advisors into the disclosure discussions and decisions, says Accel&#8217;s Brush. This action both brings necessary legal advice into the discussion <em>and<\/em> protects the conversations from being legally discoverable due to attorney-client privilege.<\/p>\n<p>&#8220;The CISO&#8217;s communications with the inside security team is all potentially discoverable,&#8221; Brush says. With a lawyer present and thus protected, he adds, &#8220;As you are preparing your final statement, you can have open and frank discussions.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/edge\/what-cisos-should-exclude-from-sec-cybersecurity-filings\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Should CISOs include only known information in the SEC filings for a material security incident, or is there room to include details that may change during the investigation?Read More <a href=\"https:\/\/www.darkreading.com\/edge\/what-cisos-should-exclude-from-sec-cybersecurity-filings\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-54191","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What CISOs Should Exclude From SEC Cybersecurity Filings 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What CISOs Should Exclude From SEC Cybersecurity Filings 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-18T21:41:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltd684486780832c02\/653050ad18f49499a94e5635\/secflag-Maxim_Ermolenko-alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"What CISOs Should Exclude From SEC Cybersecurity Filings\",\"datePublished\":\"2023-10-18T21:41:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/\"},\"wordCount\":990,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltd684486780832c02\\\/653050ad18f49499a94e5635\\\/secflag-Maxim_Ermolenko-alamy.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/\",\"name\":\"What CISOs Should Exclude From SEC Cybersecurity Filings 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltd684486780832c02\\\/653050ad18f49499a94e5635\\\/secflag-Maxim_Ermolenko-alamy.jpg\",\"datePublished\":\"2023-10-18T21:41:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltd684486780832c02\\\/653050ad18f49499a94e5635\\\/secflag-Maxim_Ermolenko-alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltd684486780832c02\\\/653050ad18f49499a94e5635\\\/secflag-Maxim_Ermolenko-alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-cisos-should-exclude-from-sec-cybersecurity-filings\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What CISOs Should Exclude From SEC Cybersecurity Filings\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What CISOs Should Exclude From SEC Cybersecurity Filings 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/","og_locale":"en_US","og_type":"article","og_title":"What CISOs Should Exclude From SEC Cybersecurity Filings 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-10-18T21:41:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltd684486780832c02\/653050ad18f49499a94e5635\/secflag-Maxim_Ermolenko-alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"What CISOs Should Exclude From SEC Cybersecurity Filings","datePublished":"2023-10-18T21:41:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/"},"wordCount":990,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltd684486780832c02\/653050ad18f49499a94e5635\/secflag-Maxim_Ermolenko-alamy.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/","url":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/","name":"What CISOs Should Exclude From SEC Cybersecurity Filings 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltd684486780832c02\/653050ad18f49499a94e5635\/secflag-Maxim_Ermolenko-alamy.jpg","datePublished":"2023-10-18T21:41:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltd684486780832c02\/653050ad18f49499a94e5635\/secflag-Maxim_Ermolenko-alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltd684486780832c02\/653050ad18f49499a94e5635\/secflag-Maxim_Ermolenko-alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/what-cisos-should-exclude-from-sec-cybersecurity-filings\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"What CISOs Should Exclude From SEC Cybersecurity Filings"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54191"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54191\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}