Skip to content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Mandatory Privacy Policy

This form is designed, in furtherance of 88 Fed. Reg. 51896 (Aug. 4, 2023), to allow you to request of the United States Attorney General, based on the substantial risk to national security or public safety, a delay in providing disclosure of a cybersecurity incident. The FBI is authorized to collect this information to assist with its investigative and national security missions as set forth in 28 U.S.C. § 534, 28 C.F.R. § 0.85, and any other applicable federal laws, rules, and executive orders. You are not required to provide your name or other personal information; however, your failure to supply requested information may impede or preclude the consideration of your request. By voluntarily providing information on this form, you are consenting to the FBI's use and maintenance of the information. Any information you provide on this form shall be shared with the United States Attorney General or his designee(s). In addition, the information may be used for investigative purposes and may be shared as required by law or for other routine uses as permitted by the Privacy Act of 1974 and all applicable routine uses as may be published at any time in the Federal Register, including routine uses for the FBI's Central Records System and the FBI's blanket routine uses.

Visit the FBI's privacy policy page for more information on the FBI's general privacy policy.

To request a reporting delay, victim companies must contact the FBI directly by using the form below or through the U.S. Secret Service, the Cybersecurity and Infrastructure Security Agency, the Department of Defense, or another sector risk management agency.

A red asterisk (*) indicates a required field.

When did the cyber incident occur?
When did you make a determination to disclose a cyber incident via 8k?

Failure to report this information immediately upon determination will cause your delay-referral request to be denied.

*Is there confirmed or suspected attribution of the cyber actors responsible?
Location of Incident
*Has your company previously submitted a request for delay in SEC reporting, or is this the first submission?