Recognizing that cyberattacks have already commenced and could spread beyond the Russian-Ukrainian battlefield, organizations can take several steps to protect themselves. They can recognize the risk. Then organizations can assess likely cyber threats and vulnerabilities, build resilience and take preventive actions, to avoid becoming another casualty in a conflict that already has too many.
Cyber criminals are becoming increasingly sophisticated, and the costs to mitigate damage inflicted by a cyber breach are rising. With these threats in mind, cyber insurance has emerged as an attractive way for companies to mitigate risk. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss sits down with his Faegre Drinker colleague David Porteous, an authority on the securities regulations related to cybersecurity, and Conrad Deneault, a cyber insurance executive and provider of consultative risk management, to discuss cybersecurity regulation and enforcement efforts in the financial services industry as well as insurance coverage.
As publicly reported late last week, the Securities and Exchange Commission’s Division of Enforcement (SEC) sent voluntary requests for information to a range of public companies and investment firms seeking voluntary disclosure of information related to last year’s SolarWinds cyberattack. Specifically, the SEC is seeking information related to whether the companies and firms were exposed to the SolarWinds cyberattack and any remedial measures the companies and firms implemented in response.