Some interesting information compiled by Chris Walsh:
Slides from his February 28, 2013 RSA presentation, “Infosec Intelligence And Regulatory Filings: An Investigation Of The Information Security Content Of Mandatory Sec Disclosures” are linked from this blog post,
and
A compilation of some recent 10-k disclosures can be found here.