Following the U.S. Securities and Exchange Commission’s (“SEC”) implementation of cybersecurity disclosure rules on July 26, 2023, new concerns and challenges are emerging with regards to public companies’ insurance portfolios; specifically directors’ and officers’ liability (“D&O”) and cyber insurance policies.
The rules, which were set out to govern registrants’ disclosure requirements relating to cybersecurity risk management, governance, and incident reporting, could give rise to unanticipated issues for the corporations involved. With data breaches becoming increasingly common, insurance safeguards are critical. Having an understanding of how these regulations may affect D&O and cyber insurance policies is of significant importance for all legal professionals working in this domain.
A detailed report by Reed Smith has raised several important considerations bearing potential insurance coverage ramifications. Moving forward, companies might need to take a proactive stance towards altering their insurance portfolios in order to remain in compliance with the SEC’s cybersecurity guidelines.
It is clear that this change in rules implementation has broad-spectrum implications, affecting not only how companies handle cybersecurity-related disclosures but also how they strategize their insurance portfolio to tackle liability issues. As this new landscape continues to unfold, legal professionals will need to stay vigilant and informed about potential coverage gaps that could arise due to the shifting guidelines.
For a thorough understanding of the situation, it is recommended that all legal professionals closely examine the disclosure rules in addition to their in-house insurance policies. Regular re-evaluation and updating will be key to ensuring that companies remain compliant under the SEC’s revised cybersecurity regulations.