- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Kyle Brasseur2023-12-13T18:04:00
Companies won’t have an easy path toward earning additional time from the Department of Justice (DOJ) regarding the disclosure of a material cybersecurity incident to the Securities and Exchange Commission (SEC) as required under a new rule.
The DOJ released guidance Tuesday on how it will reach its determinations on whether companies qualify for disclosure delays available when the U.S. attorney general determines there are national security risks at play. In all other circumstances, the SEC’s rule, adopted in July and effective this month, requires public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents within four business days upon discovery of materiality.
Last week, the Federal Bureau of Investigation published guidance on what information companies seeking a reporting delay should provide and where to submit requests. The DOJ’s guidance suggested there will be “limited circumstances” where delays will be granted.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Register for free
Receive the CW newsletter and access CPE webcasts.
Large public companies say they are prepared to comply with the disclosure requirements of the SEC’s new cybersecurity incident rule, according to a survey conducted by Compliance Week and DLA Piper, but concerns exist that those reports could enhance the threat of future cyberattacks.
The Reserve Bank of New Zealand added new reporting requirements for its member banks to follow if they suffer a material cyber incident and for all types of cyberattacks.
Two chief compliance officers and an attorney discussed preparation for the “when, not if” threat of a data breach during a panel at CW’s Cyber Risk & Data Privacy Summit.
The U.S. Department of Energy released supply chain cybersecurity principles meant to help strengthen key technologies used to manage and operate electricity, oil, and natural gas systems.
The Environmental Protection Agency is increasing its inspections of public drinking water systems after finding a majority of those reviewed were vulnerable to cyberattacks and related threats.
Verizon’s annual data breach report shows trends in cybersecurity incidents, including more ransomware and extortion attacks last year.
