The U.S. Securities and Exchange Commission has begun to crack down on companies it deems to have breached securities laws by making inadequate cybersecurity disclosures, a policy that shows no sign of slowing down.
As a result, businesses have been advised to establish clear internal communications strategies on cybersecurity issues, and to also examine their directors and officers liability insurance and cyber liability policies to determine whether they have adequate coverage if the issue arises.
Some SEC cyber disclosure actions have resulted in penalties of up to $1 million. Industry experts attribute the increased attention on cyber intrusion preparation to the reality of cyberattacks in the economy today, and an alarming lack proper preparation on the part of organizations to fight it.
The agency will likely become even more aggressive in the future, as the SEC is expected to have less tolerance for organizations that don’t take the basic steps to protect sensitive data.
Companies should develop incident response plans that include how to deal with a vulnerability’s discovery before it becomes an intrusion, then make sure the infrastructure is in place to address that vulnerability. Organizations need to get a clear picture of their own cybersecurity environment and communicate regularly about roles and responsibilities. Also, a well-constructed D&O policy should cover investigation costs in the event of a breach.
It pays to invest in solid cyber security plans, whether or not the SEC or any other entity is looking for problems. It’s just good business these days. Contact the professionals at Evergreen Insurance for guidance on cyber security.
Copyright 2022 Evergreen Insurance
Evergreen Insurance provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.