"Report Finds S&P Companies Are Underinsured for Cybersecurity Risk"
The US Securities and Exchange Commission's (SEC) cybersecurity rule, released last year, requires public companies to disclose material cybersecurity incidents and information about their cybersecurity risk management, strategy, and governance. All 440 of the S&P 500 companies, surveyed in the third annual report on disclosures released in November 2023 by the global consulting firm Deloitte and the Peter Arkley Institute for Risk Management, mentioned cybersecurity risk. Almost 50 companies revealed that it would be unlikely for them to get cyber insurance on acceptable terms. Two companies disclosed that they did not carry cyber insurance at all, with one citing the costs and limited coverage as reasons for not having such insurance. This article continues to discuss findings surrounding S&P companies being underinsured for cybersecurity risk.
Submitted by grigby1