Image for cyber division business and industry partners page.

Information on the SEC's Final Rule on Disclosing Cyber Incidents

On July 26, 2023, the Securities and Exchange Commission published its final rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. The rule requires publicly traded companies—referred to as registrants—to disclose material cybersecurity incidents in EDGAR, which is the publicly accessible and widely searched SEC filing platform. (Note that a registrant is a public entity that files a registration statement with the SEC and that is subject to reporting requirements of the Securities Exchange Act of 1934.)

The FBI is working closely with the Department of Justice and is committed to our mission of combating cyber threats to our nation’s critical infrastructure. As always, the FBI’s victim-centered approach remains our north star. When you contact the FBI in response to a cyber incident, we will treat your organization with dignity and respect, and we will protect your privacy and data, with rigorous adherence to the U.S. Constitution, applicable laws, regulations, and policies, as well as the FBI’s core values. 

If you believe you have been the victim of a cyber attack, report early by contacting your local FBI field office or the Internet Crime Complaint Center (IC3) at ic3.gov.