To many, the new SEC rules that require public companies to disclose “material” cybersecurity incidents within four days of determining their materiality may seem like a challenging, if not unreasonable, demand. Companies should put a priority on preparing incident response plans that will help them meet compliance.
Cyber insurance only forms part of the puzzle in bolstering cyber resilience. Even with cyber insurance, businesses must not consider themselves immune from ransomware attacks. They must still implement cyber hygiene practices as part of a holistic data protection and recovery strategy.