If you don't have a good understanding of an insured's cybersecurity standards, activities and compliance programs, you can't effectively assess the risk. (Shutterstock)

The Securities and Exchange Commission (SEC) announced its first enforcement action under the cybersecurity guidance it released earlier in the year. Under a settlement agreement, a firm agreed to pay a $1 million penalty for failing to operate with appropriate cybersecurity controls in place.

In a case in which the SEC (or other regulator) finds that an organization's cybersecurity is not what it should be, there is a very real risk that an individual lawsuit against the company's management and board of directors could follow, from shareholders, those with compromised information, or both.

© 2025 ALM Global, LLC, All Rights Reserved.