The Securities and Exchange Commission’s new requirements for companies to disclose significant cybersecurity incidents will go into effect on December 18, 2023. The FBI is working with the Department of Justice to provide guidance on how victims can request delayed disclosure on national security or public safety grounds. .
You can read guidance on requesting a delay and providing the required information to the FBI by clicking the button at the bottom of this page. See SEC rulesread the FBI’s policy notice on how victim requests are handled.
The FBI recommends that all publicly traded companies establish a relationship with their local FBI field office’s cyber unit. The FBI also strongly encourages businesses to contact the FBI as soon as a cyber incident is discovered. This early response allows the FBI to understand the facts and circumstances of the case before the company determines its significance. Even if a victim of a cyber intrusion involves her FBI, that does not trigger severity. However, if the company determines that the cyber incident is serious and seeks a delay in disclosure, it may be helpful in the FBI’s review.
Please note that late requests will not be processed unless there is they are made immediately Based on the company’s determination of materiality.