The Department of Justice has issued guidelines detailing the process companies may use to ask DOJ to delay disclosures of material cybersecurity incidents required by the Securities and Exchange Commission.
DOJ said Tuesday a company may delay disclosing the cyber incident in Item 1.05 of Form 8-K if the U.S. Attorney General determines that such a move would pose a risk to public safety or national security.
In July, SEC implemented rules directing public companies to divulge material cybersecurity incidents and report annually material information on cybersecurity strategy, risk management and governance.
According to the DOJ guidelines, when a registrant thinks that a disclosure may pose a risk to national security or public safety, the organization should immediately contact the FBI in accordance with the bureau’s reporting instructions.
The document also outlines procedures for U.S. government agencies to follow when an exception to the general disclosure requirement might apply.