Jonathan Greig and Martin Matishak report:
The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC).
The document is a followup to new rules that the SEC approved in June requiring companies to quickly disclose “material” cybersecurity incidents and share the details of their cybersecurity risk management, strategy and governance with the commission on an annual basis.
Companies have to report issues to the SEC in 8-K filings within four business days unless the U.S. attorney general determines that disclosure would threaten national security or public safety. The FBI will be responsible for collecting delay request forms and passing the viable ones on to the Justice Department.
Read more at The Record.