Form 8-K
The SEC's mandatory current-report form, used by US-listed companies to disclose material events between quarterly filings; under the 2023 cyber-disclosure rule, cybersecurity incidents must be reported within four business days of a materiality determination.
Last refreshed: 20 May 2026 · Appears in 2 active topics
When does ransomware disruption force a listed manufacturer to tell the markets?
Timeline for Form 8-K
West Pharma SEC 8-K on ransomware halt
Cybersecurity: Threats and DefencesMentioned in: Red Cat signs Ukraine's state arms exporter
Drones: Industry & DefenceWhat is a Form 8-K cybersecurity disclosure?
Why did West Pharmaceutical Services file an 8-K in May 2026?
How quickly must a company report a cyberattack to the SEC?
Background
Form 8-K is the Securities and Exchange Commission's current-report filing, required from all NYSE- and Nasdaq-listed companies to disclose material events between regular quarterly and annual reports. Since the SEC's 2023 cybersecurity disclosure rule came into force, Item 1.05 of Form 8-K specifically compels listed companies to disclose a material cybersecurity incident within four business days of determining it is material to investors, covering the Nature, scope, and timing of the incident and its material impact or reasonably likely material impact.
West Pharmaceutical Services filed an 8-K on 7 May 2026, declaring material a cybersecurity incident detected on 4 May. The filing reported data exfiltration and full-system encryption, with operations taken offline globally across shipping, manufacturing, and shared services. Palo Alto Networks Unit 42 was named as the forensic responder. No ransomware group had claimed responsibility at filing. The West Pharma 8-K follows the Stryker precedent established in April 2026, where Stryker filed an 8-K/A for its Handala-related incident , creating two consecutive listed-manufacturer disclosures of operational disruption severe enough to move the quarter, with no ransomware-group attribution at filing in either case.
The paired filings establish a disclosure precedent: the SEC materiality threshold can be crossed by operational disruption alone, independent of attribution, ransom demands, or public extortion claims. Fortune 1000 CISOs and disclosure committees must now price the 8-K trigger against that lowered threshold, and the four-day filing clock starts from the internal materiality determination, not from external threat-actor activity.