Businesses seeking additional time before disclosing to the Securities and Exchange Commission (SEC) the occurrence of a material cybersecurity incident must be prepared to provide detailed information on the matter to the Federal Bureau of Investigation (FBI).
The FBI released guidance for requesting a delay to the new SEC rule’s requirement that the nature, scope, timing, and impact of cybersecurity incidents be reported within four business days on discovery of materiality. The rule, adopted in July, is set to take effect this month.
