New SEC Rules Add Challenges in Uncertain Cyber Insurance Market

[BUDGET AMMO] Jeremy King is a partner at Olshan Frome Wolosky. He wrote an article for Bloomberg where he analyzed cyber risk management issues that companies should prioritize in response to new SEC reporting requirements for cybersecurity incidents and threats.

Here is a quick summary and I suggest you send the link to your InfoSec budget holder so that they can assess the importance. Ransomware is a big deal these days.    


New SEC cybersecurity rules are putting the heat on public companies to up their game in risk assessment, loss control, and incident reporting. These rules make it mandatory for companies to report significant cybersecurity incidents within four business days through a Form 8-K disclosure. This isn't just paperwork; it's a legal requirement that could put board members and execs in hot water if they don't comply.

Cyber insurance is becoming a must-have, but the new rules are shaking up the market. Companies need to review their insurance programs, especially with the annual reporting requirements kicking in for fiscal years ending after December 15. Fitch Ratings noted that cyber insurance premiums have soared from $2 billion in 2018 to over $7 billion in 2022. Rates themselves jumped by 15% in Q4 2022.

So, what should companies do? First, get legal advice to design a solid cybersecurity risk management plan. This plan should cover everything from privacy violations to ransomware attacks. Second, scrutinize your Directors and Officers (D&O) insurance policies. Some might not cover cyber incidents, leaving you exposed. Third, make sure your insurance covers not just direct losses but also third-party incidents, like a vendor getting hacked. Lastly, keep your reporting accurate and consistent to meet SEC requirements. 

In short, the new SEC rules mean you've got to be more vigilant than ever. It's not just about having cyber insurance; it's about having the right kind and amount, all while keeping the regulators satisfied. Full article:

A Master Class on IT Security: Roger Grimes Teaches Ransomware Mitigation

Cyber-criminals have become thoughtful about ransomware attacks, taking time to maximize the potential damage to your organization and their own payoff. Protecting your network from this growing threat is more important than ever.

Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, for this thought-provoking webinar to learn what you can do to prevent, detect, and mitigate ransomware. You'll learn:

  • How to detect ransomware programs, even those that are highly stealthy
  • Official recommendations from the Cybersecurity & Infrastructure Security Agency (CISA)
  • The policies, technical controls, and education you need to stop ransomware in its tracks
  • Why good backups (even offline backups) no longer save you from ransomware
