DOJ & FBI Issue New Guidelines for Delayed Reporting of Cyber Incidents to the SEC

Under the Securities and Exchange Commission’s (SEC) new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule (cybersecurity rule), public companies subject to the cybersecurity rule must promptly disclose any “material cybersecurity incident.” Such reporting can be delayed if the U.S. attorney general determines that disclosure “poses a substantial risk to national security or public safety.”…
By: Faegre Drinker Biddle & Reath LLP