4 Tips For Policyholders As SEC Adopts Cyber Reporting Rule, quotes by Avery Dial, Esq., in Law 360 Insurance Authority, 8-21-2023

With the U.S. Securities and Exchange Commission’s new cybersecurity disclosure rule coming earlier than expected, companies should quickly close insurance coverage gaps that the rule may render more dangerous, experts told Law 360…

The final rule’s retention of that limit will place additional stress on a policyholder during the immediate post-incident period, during which an affected company is usually rushing to assess an incident’s scale and mitigate or contain it, said Avery Dial, a partner with Kaufman Dolowich Voluck LLP who represents insurers. “During post-breach remediation and damage mitigation, there’s so many things going on, and this will just be one more thing to be concerned with in that time frame,” Dial said…”The rule is imposing duties on the company to, one, report immediately breaches that are found to be material, and then two, to report annually in detail, what’s the board’s role in oversight, what’s management’s experience in dealing with these risks?” Dial said. “That falls on the duties of management.” …With the implementation of the rule, companies will likely be negotiating for at least some cyber coverage in their D&O policies, Dial said. “It’s a big possibility, companies taking a look at their coverages and saying, now that we have this disclosure to execute as a company, and we have to describe how our management handles cyber, I want coverage that doesn’t exclude cyber,” Dial said

Read more at the full article.