In a column published on 6/26, Segal McCambridge Shareholder Daniel DiLizia writes that insurance companies must continue to apply robust cybersecurity procedures to head off digital attacks and the hacking of client personal information. DiLizia cites a 2022 Gartner study that found nearly half of all organizations worldwide have experienced an attack on their software supply chains, which underlines the need for greater vigilance. Among DiLizia’s recommendations are purchasing cyber insurance, auditing your company’s internal cybersecurity procedures, promoting a culture of security, and developing an incident response plan.
“Development of internal practices and a strong cyber incident response plan is essential following the U.S. Securities and Exchange Commission’s 2023 cybersecurity regulation enactments,” DiLizia writes. “These rule changes require Form 8-K disclosure of material cyber incidents within four business days after the company first learns of a potential cyber incident. The disclosure must include the nature, scope and timing of the incident, as well as the potential material impact on the company.”
He says that these new SEC regulations also mandate annual disclosure of a company’s cybersecurity risk processes, as well as its internal analysis of a potential cyber incident’s impact on the company’s well-being. Such disclosure requirements ensure greater vigilance, more robust internal cybersecurity procedures, and a constant focus on mitigating such threats.
“Cybercriminals are always seeking new ways to infiltrate the sensitive and private data routinely maintained by insurance companies,” DiLizia writes. “While not all cyberattacks can be prevented, carriers should invest in cyber insurance — and in their teams — to thwart cybercrime attempts, especially following the SEC’s recent cybersecurity protocol disclosure requirements.”