Cyber risk is a growing concern for Directors and Officers (D&O) liability re/insurers as business models continue to increasingly integrate and revolve around technology, according to a new report published by Airmic with support from Marsh and AIG.
Airmic found that the frequency of cyber-attacks has continued to rise dramatically, with AIG reporting as many cyber claims in 2017 as in the previous four years combined, and 2018 set to far exceed last year’s numbers.
“The risk of cyber-attack is a constantly evolving threat, and, for most companies there is a recognition that it is not a case of ‘if’ but ‘when’ their organisation will be impacted,” the report stated.
It noted that several high-profile shareholder class actions have already resulted from cyber incidents, which has put companies’ D&O policies under the spotlight.
The actions of the board and senior management may come under scrutiny following a cyber security breach, particularly if they have failed to implement appropriate reporting, system or cyber security, and data protection controls.
In response, Airmic urged boards to “take a proactive approach to their insurance arrangements, ensuring that individuals and the company have adequate cover in the event of a cyber incident where a company and its senior management may face regulatory investigations or shareholder litigation.”
The report recommended that companies ensure there is sufficient expertise at the board level to evaluate and manage cyber risk, which may be achieved through hiring members with security backgrounds or through dedicated committees, in addition to providing training and education for all company employees.
Eleni Petros, Senior Management Liability Specialist at Marsh and author of the report, added that re/insurers should now be looking more closely at companies’ cyber-security arrangements when underwriting a D&O risk.
“Apart from being best practice risk management, it is clearly going to make buying D&O insurance easier if you have done all you can to ensure that your technology is robust,” she said. “As the potential for D&O claims arising from technology failure continues to increase, the quality of your cyber risk management framework will determine how attractive you are to potential D&O insurers.”
Noona Barlow, Head of International Financial Lines Claims at AIG, also commented: “We’re delighted to have been involved in putting together this report, which has highlighted how having both the right D&O and cyber cover and claims response is essential given the inter-connectivity of the two exposures.”
“It’s clear that when buying D&O insurance the risk manager needs to take into account the almost-certainty that a cyber incident will impact the company at some point, and ensure senior management is aware of the importance of a robust cyber-security framework and effective insurance,” Barlow continued.
Finally, Julia Graham, Technical Director and Deputy Chief Executive Officer (CEO) at Airmic, stated: “As our white paper points out, it is increasingly difficult to separate out cyber-related insurance from other types of risk such as D&O because technology has become so embedded in company business models. It is also a great illustration of how good risk management and insurance purchase are two sides of the same coin.”