FBI guidance: How to earn delay on SEC cyber incident disclosures
By 
Kyle Brasseur2023-12-11T19:29:00
Businesses seeking additional time before disclosing to the Securities and Exchange Commission (SEC) the occurrence of a material cybersecurity incident must be prepared to provide detailed information on the matter to the Federal Bureau of Investigation (FBI).
The FBI released guidance for requesting a delay to the new SEC rule’s requirement that the nature, scope, timing, and impact of cybersecurity incidents be reported within four business days on discovery of materiality. The rule, adopted in July, is set to take effect this month.
Disclosure delays may be granted in cases where the U.S. attorney general determines there are national safety risks, the SEC noted. The FBI’s guidance helps establish the process for earning such a determination.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefDOJ sets expectations for SEC cyber incident disclosure delays
Companies won’t have an easy path toward earning additional time from the Department of Justice regarding the disclosure of a material cybersecurity incident to the Securities and Exchange Commission as required under a new rule.
-
News BriefSolarWinds cries SEC ‘overreach’ in fraud lawsuit against company, CISO
SolarWinds will contest a lawsuit brought by the Securities and Exchange Commission against it and its chief information security officer alleging fraud and internal control failures related to the software company’s cyberattack reported in 2020.
-
News BriefCybersecurity, AML risks among SEC 2024 exam priorities
SEC examiners will be asking tough questions of registered firms regarding how they handle risks related to operational security, interact with financial technology companies and crypto assets, and the maturity of their anti-money laundering programs.
More from Cybersecurity
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
PremiumFinancial crime in the shadows of the dark web
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.