173 views 48 secs 0 comments

Feds brace for implementation of SEC cyber disclosure rules

In Legal News
December 14, 2023

The Record reports:

The U.S. government is readying to implement contentious new disclosure rules for digital attacks that could both create headaches for the private sector and law enforcement and shed invaluable light on the state of ransomware and online threats.

On December 18, a rule passed earlier this year by the Securities and Exchange Commission will go into force that in most cases requires public companies to disclose when they have experienced cyber incidents no later than four business days after they determine the intrusion will have a material impact on operations.

The obligation has prompted massive backlash from industry, which has argued that the requirement is too onerous for such a brief timeframe, and from Capitol Hill, where Republican lawmakers have introduced legislation that would repeal it altogether.

Nonetheless, agencies have begun preparing to execute the SEC directive, including allowing possible exemptions.

The Justice Department on Tuesday issued guidance on how it will determine whether companies qualify for disclosure delays — specifically when the Attorney General determines that the disclosure would pose a threat to public safety or national security. It details several categories of circumstances where the department believes that standard might apply.

The explanation comes days after the FBI released its own exemption policy.

Read more at The Record.