As corporate directors and security teams scramble to ensure they meet the Securities and Exchange Commission's (SEC) new cybersecurity regulations, claims due to mishandling protected personally identifiable information (PII) could rival the cost of ransomware attacks, warns David Anderson, vice president of cyber liability at Woodruff Sawyer, a national insurance brokerage. While privacy claims take years to work through the legal process, "losses are generally just as catastrophic over three
