Heightened SEC Scrutiny on Cyber Incident Disclosure
Public companies are encountering increased scrutiny from the Securities and Exchange Commission (SEC) regarding their cyber incident response procedures and disclosures. The SEC has ramped up enforcement efforts following the release of cybersecurity disclosure rules in 2023 and has announced the creation of a Cyber and Emerging Technologies Unit.
“We’ve seen a growing number of SEC enforcement actions tied to how companies handle disclosures related to cyber incidents,” said Meredith Brown, head of U.S. cyber and E&O at QBE North America. Companies must regularly review and refine their cyber incident response plans and disclosure processes to ensure compliance.
Insurance Response to New Regulatory Actions
Traditional cyber policies typically tie regulatory actions to specific privacy events, creating a potential gap in coverage for SEC regulations that are not privacy-related. As the SEC increases its enforcement activity, more companies are likely to submit claims related to these actions. Many of these claims could also have a D&O component since SEC actions often name individuals.
To address this uncertainty, some insurance carriers are introducing coverage enhancements. QBE North America has launched two new enhancements: SEC Disclosure Costs Coverage and Enhanced SEC Regulatory Coverage. The first covers costs associated with engaging external legal counsel to advise on post-cyberattack compliance with SEC regulations. The second provides coverage for violations of SEC regulations, addressing a gap in traditional cyber policies.
These enhancements are crucial as companies navigate the increasingly complex regulatory environment. The SEC’s focus on emerging technologies like Artificial Intelligence reinforces the need for companies to strengthen their incident response frameworks and ensure proper disclosure of cybersecurity incidents.
The response from brokers to QBE’s new coverage enhancements has been positive, indicating a market demand for cyber insurance solutions that better protect public companies. To learn more about QBE’s cyber insurance offerings, visit their website.
