Cyber Reporting Requirements Keep Policyholders on Toes
Recent laws and proposed regulations requiring disclosures of cyber incidents could encourage increased cyber resiliency but could also result in increased litigation, compliance costs or penalties, meaning policyholders should reexamine their cyber and directors and officers policies to ensure adequate coverage.
While governmental disclosures may incentivize good cyber hygiene, they could also result in increased litigation risks for policyholders if implemented poorly. This means companies should review their cyber policies to determine the extent of their coverage, particularly for costs of complying with reporting cyber events or the costs of government investigations or penalties stemming from an alleged reporting failure, Jim Carter, partner at Blank Rome LLP who represents policyholders, told Law360.
"With respect to the SEC proposed rule, in particular, companies should look to see whether or not the securities-related exclusion, which appears in many policies, contains an exception that would preserve coverage," Carter said.
Regulatory fines and penalties, including government investigations relating to a cyber incident, are typically covered by cyber policies, but "the policy language can vary drastically from one policy to the next," Carter said, making it important that companies review their policies in light of the act and proposed rule.
"Cyber Reporting Requirements Keep Policyholders on Toes," by Daniel Tay, was published in Law360 on March 25, 2022.