Cyber Incident Guidelines Unraveled by DOJ for Timely Assessment

December 13, 2023
The Department of Justice (DOJ) has released new guidelines detailing how companies can request a delay in disclosing significant cyber incidents, a disclosure mandated by the Securities and Exchange Commission (SEC). To qualify for a delay, a company must demonstrate that immediate disclosure would pose a risk to national security or public safety. The SEC implemented rules in July that require public companies to disclose material cybersecurity incidents annually.

  • DOJ’s guidelines provide a roadmap for companies seeking to delay the disclosure of major cybersecurity incidents due to national security or public safety concerns.
  • The guidelines require companies to immediately contact the FBI in such circumstances, in line with the bureau’s reporting instructions.
  • The document also includes procedures for U.S. government agencies if an exception to the general disclosure requirement is sought.
  • The SEC has issued rules requiring public companies to annually report material information about their cybersecurity strategy, risk management, and governance.

The guidelines provide instructions for both private sector organizations and government agencies, underlining the importance of swift and accurate reporting in maintaining national security and protecting the public. The rules laid down by the SEC aim to increase transparency in how companies respond to cybersecurity incidents and manage related risks.

This move is part of a broader trend towards increased scrutiny of cybersecurity practices across the private sector, particularly for public companies whose operations could impact national security. The guidelines provide a clear pathway for companies to navigate if their regular reporting obligations clash with wider security or public safety considerations.

The FBI’s involvement in these decisions underscores the central role the agency plays in safeguarding the United States’ cyber infrastructure. Immediate contact with the FBI is a critical component of the guidelines, ensuring that federal authorities are promptly informed about potential threats.

Overall, the DOJ’s guidelines represent an important development in the balancing act between transparency in corporate cybersecurity and the protection of national security and public safety. This will likely catalyze further conversations about the intersection between business, technology, and public policy in the digital age.
