A new SEC cyberattack reporting rule has left public companies and insurers exposed to potential regulatory probes and shareholder class actions alleging senior executives failed to supervise their businesses’ cybersecurity practices.
The US Securities and Exchange Commission recently issued rules that formally outlined directors’ responsibilities in cybersecurity governance for the first time, laying the groundwork for potential enforcement actions.
The rule also set a road map for investors to bring derivative claims alleging a company’s senior executives breached their fiduciary duty by failing to manage cyber risks. And it put insurers on alert that they could find themselves exposed to underlying claims, insurance attorneys say.
“The plaintiff bar is drooling. They’re like, ‘when does this go into effect?’” said Kelly Geary of EPIC Insurance Brokers & Consultants.
Source: Cyberattack Rule Raises Insurance Risks for Corporate Officers