The US Securities and Exchange Commission recently issued rules that formally outlined responsibilities in cybersecurity governance for the first time, laying the groundwork for potential enforcement actions. This could leave public companies and insurers exposed to potential regulatory probes and shareholder class actions alleging senior executives failed to supervise their businesses’ cybersecurity practices. According to Steven Weisman, “it’s time for public companies to reassess their insurance program to ensure that they have coverage. Some cyber policies cover fines and penalties from the FCC, the FTC, and state regulatory agencies, but not the SEC.”
Additional coverage of this topic includes: