Cybersecurity Failures Bring Heavy D&O Risk

December 6, 2022

Studies from major carriers and consultants, including a survey from Willis Towers Watson in conjunction with law firm Clyde & Co, highlight a concern that has become top of mind for corporate risk managers: Potential liability, including personal liability, for directors and officers as the result of a breach or loss of data. The level of concern has gone from near zero a few years ago to the top of the list, or close to it.

The studies are cited in a post from London-based cyber risk management company KYND, which discusses cyber risk in both UK and U.S.-based companies. For UK companies, the post notes that public company directors bear responsibility for compliance with the EU’s GDPR (General Data Protection Regulation), and failure in this regard can make them personally liable. In the U.S., the more immediate risks are likely shareholder derivative actions and cyber-related securities class actions, although in some circumstances, even criminal charges are a possibility: The writers note that directors and officers have faced insider trading charges after selling stock before a breach was publicly disclosed.

How can you mitigate cyber risk? The post concludes with a list of recommendations. The first is a familiar imperative: Establish cyber risk management “as a process, not as a one-time solution.” The recommended process includes due diligence on potential new partners or suppliers, with ongoing monitoring from then on. Last but not least on the list of mitigation strategies is the major theme of this post: “Obtaining adequate cyber and D&O covers.”

“Transferring the risk via cyber insurance,” it says, “is an important part of an organization’s effective approach to cyber risk management; it provides a safety net to your organization, as it serves as a financial buffer against catastrophic loss and the substantial costs associated with a cyber incident, as well as providing valuable post-breach support.”
