A security breach can be a major source of concern for an organization, whether it is within your organization or from another organization with access to or copies of your information. But not all incidents grant the attacker access to sensitive systems of information. Some security breaches could be of a low valve system with nothing but public information on it, or it could be stopped before they could pivot and gain access to sensitive systems. The details of each security breach will tell the reader what was breached, what information or data was affected, the value or sensitivity of that data, and what was done to remediate the situation.
They want to know about any past security breaches so that they can understand your organization's security, including how secure your systems are, how you respond to a security incident, and how you would handle their data.
They expect details about the security breach and your response so that they can evaluate the handling of the situation. You should include only what is asked for, keep any confidential information such as your customers affected from being disclosed, unless required and approved by your legal department or organization counsel. Ensure that you include any information that helps contain the breach or limit damage, as these can be a positive thing in the face of something that, overall, seen negatively for your organization. If possible, address what steps have been taken to prevent future breaches and to better respond in the future. Try to make your response about how things were improved and made more secure because of the experience.