Large corporations may be keeping cyberattacks a secret from investors and the public, according to the Securities and Exchange Commission (SEC). In October of last year, the agency released documentation that outlined the necessary measures corporations must take if they have been the target of an attack. The document outlined reporting procedures for such events, but the agency suspects that companies have not taken these requirements to heart for the sake of their businesses.
Since October, a scant few corporations have followed the reporting procedures outlined by the SEC, despite the fact that many companies, including Lockheed Martin, claim that they had been the target of cyberattacks. SEC officials are unsure whether companies are attempting to protect their position amongst investors or protect themselves from costly lawsuits that the agency would enforce against them. The impact on the insurance industry, however, is becoming more apparent.
Cyberattacks often leave the personal and financial information of consumers at risk of being stolen and exploited. Even if an attack is fended off successfully, there is no way to tell whether a small amount of information has been stolen. In such a case, insurers are liable for any damages that these attacks may cause to both consumers and companies. Insurers are concerned that corporations are not taking appropriate measures to protect themselves because they see cyberattacks as a mundane risk. The SEC may choose to investigate the matter of these reporting shortfalls and, perhaps, work to enforce regulations that require companies to manage this risk adequately.
Live insurance news updated daily.