This research shows how the adoption of a cybersecurity framework helps organizations meet the Securities and Exchange Commission (SEC) cybersecurity disclosure requirements, protect investors and control cyber risks. The implementation of a cybersecurity framework enables organizations to evaluate their risk factors required to be disclosed in SEC filings and determine the materiality of cybersecurity risks or incidents given their likelihood and impact, including harm to a company's reputation, financial performance and the possibility of litigation or regulatory actions.