The SEC cybersecurity disclosure rules (see the text here) requires public companies to disclose hacks within four days, which we earlier predicted would lead to confusion, scrambling and lawsuits. “’The plaintiff bar is drooling. They’re like, ‘when does this go into effect?’ said Kelly Geary of EPIC Insurance Brokers & Consultants… As a result, public companies may soon find themselves in the ‘worst of both worlds,’ where neither cyber nor D&O policies pay for legal bills over SEC investigations and investor lawsuits, said Steven Weisman, a partner at McCarter & English, LLP. D&O policies cover claims and regulator probes against a company and its directors.” Read the useful Bloomberg article here.
The Leading Source for Cybersecurity Insurance News, Insights and Data