FBI guidance: How to earn delay on SEC cyber incident disclosures

FBI logo

Businesses seeking additional time before disclosing to the Securities and Exchange Commission (SEC) the occurrence of a material cybersecurity incident must be prepared to provide detailed information on the matter to the Federal Bureau of Investigation (FBI).

The FBI released guidance for requesting a delay to the new SEC rule’s requirement that the nature, scope, timing, and impact of cybersecurity incidents be reported within four business days on discovery of materiality. The rule, adopted in July, is set to take effect this month.

Disclosure delays may be granted in cases where the U.S. attorney general determines there are national safety risks, the SEC noted. The FBI’s guidance helps establish the process for earning such a determination.

lock iconTHIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.