The Cyber Risk Admission

Across 1 sector, 5 of 6 filers are discussing disclosed risk. Accelerated into 2025Q4, since cooling. Direction flipped — 2025Q2 was 75% falling; 2025Q4 now 52% rising. Reached 3 sectors at its 2025Q4 peak, now concentrated in 1 sector. Almost entirely a risk story (100%). Stated as material across filings (avg intensity 3.6/5). Forward-leaning — companies are guiding to this, not just explaining the past. One disclosure notes "secure operation of these information technology networks is critical to our business operations and strategy."

Large infrastructure and software companies are explicitly acknowledging that cybersecurity threats cannot be fully prevented or mitigated, and pose ongoing risks to revenue, customer trust, and operational continuity.

DISTINCT NEW FILERS PER QUARTER

NEW FILERS THIS QUARTER

-75% QoQ

SPREADING ACROSS

1 industry

Consumer Discretionary

FIRST SURFACED

2024Q1

of recorded history

✦ WHAT THE DIFF CAUGHT

Language shifts from abstract mitigation claims toward concrete admission that threats are persistent, partially unmitigated, and potentially damaging to business outcomes.

REPRESENTATIVE SIGNAL FROM FILINGS

“secure operation of these information technology networks is critical to our business operations and strategy”

Secure operation of information technology networks and data processing is critical to the company's business operations and strategy.

—DEERE & CO$DESEC.GOV ↗10-K Item 7 · filed 2025-12-18

“we cannot anticipate and detect all cybersecurity threats and incidents”

Despite protective efforts, the company cannot anticipate, detect, or effectively prevent all cybersecurity threats and incidents.

—BANK OF AMERICA CORP /DE/$BACSEC.GOV ↗10-K Item 7 · filed 2026-02-25

DRIVERS

+ CONSUMER DISCRETIONARY+ FINANCIALS+ INDUSTRIALS+ INFORMATION TECHNOLOGY