Cybersecurity disclosures in reports filed by public companies subject to U.S. Securities and Exchange Commission (SEC) requirements provide investors with insights into firms’ cybersecurity incidents and risk management efforts, which are increasingly pivotal to investor decision-making. To improve the informativeness and consistency of these disclosures, the SEC introduced enhanced cybersecurity disclosure requirements in 2023, mandating detailed cybersecurity disclosure information in annual 10-K filings. In this study, we explore what these new disclosures reveal about firm cybersecurity behavior and communication practices. Specifically, we focus on (1) identifying general themes that reveal firms' cybersecurity risk management processes, governance, and strategy, and (2) examining how past data breaches influence the prevalence of these reporting themes. Combining machine-learning tools and human qualitative analysis, our mixed-methods analysis reveals significant associations between past data breaches and specific themes, suggesting that firms with breach histories prioritize these areas in subsequent disclosures, signaling strengthened cybersecurity efforts to investors.