As a follow up to yesterday’s post, our recent Client Alert discusses new guidance from the FBI, DOJ, and SEC on requesting a delay to Form 8-K disclosures for material cybersecurity incidents that pose a substantial risk to national security or public safety.  Our client alert discusses the process the FBI has established to request the delay, the approach the DOJ will take when evaluating whether to authorize the delay, and new Compliance and Disclosure Interpretations (CDIs) issued by the SEC’s Division of Corporation Finance regarding this national security and public safety exception.

Continue Reading New Guidance on Delayed Disclosure of Material Cybersecurity Incidents

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules requiring that public companies report material cybersecurity incidents under new Item 1.05 of Form 8-K, and disclose information regarding their cybersecurity risk management, strategy, and governance in annual reports on Form 10-K. Foreign private issuers are subject to similar disclosure requirements in Forms 6-K and 20-F. Although the final rules were effective this past September, the SEC provided for transition periods for compliance with the new disclosure requirements, which transition periods will end soon.

Continue Reading Reminder: Material Cybersecurity Incident Reporting Required December 18, 2023