For a while, I have been posting the results of automated SEC queries intended to identify correspondence about cyber incidents and risk.  I outline the search heuristic here.

I have decided to extend this automated discovery and posting to 10-Q filings as well.  I use the same heuristic, which so far has been OK on false positives.  The initial post is available here.

I hope this will be useful in quickly flagging firms that report actual incidents, but I am somewhat pessimistic.  Hopefully, the data will show whether this pessimism is warranted, or not.