Cyber report guide
FBI Issues Steps on Reporting Cyber Breach Incidents to SEC
The FBI has detailed the steps by which companies can ask for a delay in reporting cybersecurity incidents that the Securities and Exchange Commission requires effective Dec. 18.
Under the SEC rule, companies have to report cyber issues to the commission in 8-K filings within four business days after the incident, unless the U.S. attorney general rules that disclosure is a national security or public safety threat.
According to the FBI, delay requests must be e-mailed to the bureau with the exact information on when the cyber breach occurred and when the company concluded it was material, The Record reported.
The FBI defined a “material cybersecurity incident” as an incident with a “substantial likelihood that a reasonable shareholder would consider it important” in investment decisions. The bureau suggested that all publicly listed companies build ties with the local FBI cyber squad and contact the bureau immediately after a cyber incident’s discovery.
Early communication allows the bureau’s familiarization with the cyber incident’s circumstances before a company makes a materiality determination. Such a simple FBI engagement will not prompt materiality, the bureau said.
Tags: cyber incident disclosure cybersecurity Federal Bureau of Investigation Securities and Exchange Commission The Record