The answer in most cases appears to be “no.”
“A cyber liability policy could respond to an SEC investigation, depending on the policy’s wording, ‘but there’s a big caveat to that, and that is that cyber policies typically exclude non-privacy-related fines,'” (a brokerage executive) said.
Then there are the implications for D&O insurance and the costs of lawsuits from customers…not to mention stock prices.
The SEC is running out of patience with inadequate cyber incident reporting, according to a source in the article. If a company is not coordinating all this on a senior level with oversight from the board of directors, bad things are likely to happen.
Source: Cyber disclosures attract SEC’s attention | Business Insurance