In the US, the Federal Bureau of Investigation (FBI) has issued guidance regarding the data breach reporting requirements of the US Securities and Exchange Commission (SEC), providing useful information on how disclosures can be delayed. The SEC announced in late July that it had adopted new cybersecurity incident disclosure rules for public companies, requiring them to disclose, through a Form 8-K filing, any material breach within four business days. The rules are set to go into effect on 18