SEC Cyber Reporting Mandates: How to Request a National Security or Public Safety Delay | Wiley Rein LLP

The new guidance highlights the importance of having a process in place to review cybersecurity incidents at the time they occur, determine materiality and reporting obligations, and assess whether a notification delay request based on public safety or national security grounds should be requested before the four-day SEC public notification obligation deadline. It also underscores the importance of having relationships – directly or through counsel – with FBI contacts that can help. In our experience, the FBI’s cyber teams are often highly responsive and try to help victims with discretion.

There is only a short window of time between making a materiality decision, requesting a notification delay, and public disclosure of a cybersecurity incident. Companies would be well served by preparing for these short deadlines now.

Source: SEC Cyber Reporting Mandates: How to Request a National Security or Public Safety Delay | Wiley Rein LLP