Steven Weisman and Sherilyn Pastor were quoted in the Wall Street Journal’s quarterly cyber insurance update, focusing on new SEC cyber rules that may increase insurance risks for corporate directors and how statute of limitations can affect ability to recoup losses from insurance. The new disclosure rule could serve as a roadmap for shareholder lawsuits against a business’s leadership if a security incident occurs.
Steven discussed potential insurance coverage implications regarding recently enacted cybersecurity incident reporting rules issued by the U.S. Securities and Exchange Commission. “Public companies may soon find themselves in the ‘worst of both worlds,’ where neither cyber nor D&O policies pay for legal bills over SEC investigations and investor lawsuits,” Steven cautioned.
Sheri commented on the University of California’s cyber coverage suit against the Lloyd’s of London. The insurer denied coverage for a 2014 attack implicating millions of patients’ health-related, asserting that that claim was time barred. Sheri noted that a policyholder may not actually know it sustained a cyber loss at the time of a breach. She explained that policyholders therefore need to know the law because the time to bring a claim or suit against an insurer may be tolled or extended.