LATEST CYBER REPORTING RULES

On July 26th, 2023, the Securities and Exchange Commission (SEC) announced new cybersecurity rules for registered companies. The new rules require public companies to disclose cybersecurity breaches to the market four days following the determination that the breach was material. Specifically, the rules require these companies to disclose the nature, scope, and timing of the incident and its likely material impact on their organization.

Incident disclosure requirements are a key aspect of the SEC’s new regulations. Businesses must report any cybersecurity incident within the given time frame. The agency sees disclosure of these incidents as important in protecting an organization’s reputation and facilitating a quick response to mitigate damages.

These incident disclosure requirements would provide assurance to clients and stakeholders that steps are taken to protect sensitive information, and this is essential to maintaining trust. “Whether a company loses a factory in a fire – or millions of files in a cybersecurity incident – it may be material to investors.” - SEC Chair Gary Gensler

Under the new rules, every firm must outline a strategy that provides guidelines on identifying, assessing, mitigating, and communicating cybersecurity risk. On an annual basis, the regulations require companies to disclose material cybersecurity incidents they experience and material information regarding their cybersecurity risk management and governance. Included in this annual disclosure is the planned oversight of cyber exposures by the Board of Directors.

As cyber threats continue to evolve, the importance of risk management and adequately securing information systems cannot be overstated. By implementing cybersecurity risk management programs, businesses can better identify and mitigate risk and adapt to changing circumstances to achieve their cybersecurity objectives.

KEY TAKEAWAYS:

  • The SEC’s new rules make it more important for public companies to maintain excellent Cyber and D&O Insurance policies as part of their insurance portfolios, as they provide coverage for certain costs related to regulatory investigations.
  • Cyber Insurers require insureds to have reliable, high-level cybersecurity procedures in place in order to issue policies. They have a great deal of expertise to share; thus, it is essential to work with them to make certain that risk management of these issues is up to date.
  • In order to comply with the level of supervision that both Insurers and the SEC require, it is important for companies to make certain they have open communication between corporate functions such as IT, Regulatory, and Legal, so that when issues are raised, they are evaluated as soon as possible.

For more information about what your Board of Directors should be reviewing, view our detailed recommendations here. 
