Corporate Cybersecurity Concerns Mount as Threats Grow

In the wake of the attacks of Sept. 11, 2001, businesses quickly realized they had a shared problem: terrorism insurance. Or, more accurately, a lack of it, as premiums for commercial insurance against acts of terrorism skyrocketed – in the instances where it was even available. The upheaval led to the passage of the Terrorism Risk Insurance Act of 2002, creating a federal backstop for insured losses due to acts of terrorism.

Corporate America is facing a similar problem now with cybersecurity. No single event on the scale of 9/11 has plunged the market for cyber insurance into chaos. However, as the threats posed by online crimes continue to grow, cybersecurity insurance premiums are rising apace. It also takes more resources to comply with the cyber defense requirements imposed by insurance underwriters. As a result, it appears as though momentum is building for government intervention in the market for cyber insurance.

Corporate executives are contending with a panoply of cybersecurity issues, ranging from ransomware to data breaches to run-of-the-mill online scams. A recent survey of chief information officers by technology consulting firm Gartner Inc. found that respondents consider cybersecurity their most critical investment priority in the coming year. Roughly two-thirds of participants indicated they intend to ramp up cybersecurity spending in 2023. Gartner estimated that worldwide spending on cybersecurity will hit $188.3 billion next year, up more than 11% from this year.

Part of that new spending will come from price increases. Premiums for cyber insurance policies rose by an average of 28% from the fourth quarter of 2021 through the first three months of 2022, according to the Council of Insurance Agents & Brokers. Smaller businesses may find themselves priced out of the market as a result.

So, what role should the federal government play in stabilizing the cyber insurance market? In a report issued this summer, the U.S. Government Accountability Office hinted that a backstop is warranted along the lines of what is available for terrorism insurance.

Meanwhile, regulators – of both the official and shadow variety – are assessing how cybersecurity should factor into corporate compliance. For example, a recent article in The Harvard Law School Forum on Corporate Governance noted that cybersecurity doesn’t fit neatly into the standard framework of corporate programs for environmental, social and governance issues.

For its part, the Securities and Exchange Commission has proposed new cybersecurity disclosure rules for public companies. Among the suggested changes is a requirement for issuers to disclose material cybersecurity incidents, such as data breaches and ransomware attacks, within four business days of learning they occurred. As we await the release of the final rules, questions remain about how companies should determine what constitutes a “material” cyber breach.

Companies undoubtedly will face new disclosure requirements and expectations regarding best practices, as well as potential disputes over liability for harms caused by non-compliance. In the meantime, the best advice for companies and their boards of directors might be to redouble their efforts to patch up the holes in their cyber defenses.

Latest Articles

DOJ Details New Approach for Enforcing Foreign Corrupt Practices Act

Following a four-month freeze on the enforcement of laws against bribing foreign officials, Deputy Attorney General Todd Blanche on June 9 announced details of the Department of Ju...

Read More

A Tax Transparency Reckoning: Are Corporate Tax Disclosures Entering a New Era?

As outlined in a new Intelligize report, The New Disclosure Challenge: Income Taxes, ASU 2023-09 and Investor Expectations, the Financial Accounting Standards Board’s issuance of A...

Read More

Five Reasons Public Companies Are Stockpiling Bitcoin

Retail investors aren’t the only ones riding the Bitcoin wave. Publicly traded companies are getting in on the action, too. In recent weeks, GameStop and Trump Media, which operate...

Read More