As corporate directors and security teams scramble to ensure they meet the Securities and Exchange Commission’s (SEC) new cybersecurity regulations, claims due to mishandling protected personally identifiable information (PII) could rival the cost of ransomware attacks, warns David Anderson, vice president of cyber liability at Woodruff Sawyer, a national insurance brokerage.
While privacy claims take years to work their way through the legal process, “losses are generally just as catastrophic over the course of three to five years as a ransomware claim is over the course of three to five days,” he says.