For a while, I have been posting the results of automated SEC queries intended to identify correspondence about cyber incidents and risk. I outline the search heuristic here.
I have decided to extend this automated discovery and posting to 10-Q filings as well. I use the same heuristic, which so far has been OK on false positives. The initial post is available here.
I hope this will be useful in quickly flagging firms that report actual incidents, but I am somewhat pessimistic. Hopefully, the data will show whether this pessimism is warranted, or not.