The SEC has published new guidance recommending that publicly traded US companies disclose cybersecurity risks and incidents related to IT asset retirement. If assets like laptops are lost or stolen during retirement, exposed data could constitute a cyber incident negatively impacting the company. The SEC guidance specifies six disclosure areas companies should consider, including risk factors, business descriptions, legal proceedings, and financial impacts. Given increased focus on cyber risk disclosure, companies should ensure IT assets are securely retired to minimize risks and protect the company.