The rise in cyber breaches has had a knock-on effect on directors’ and officers’ liability insurance: the number of claims is rising as stakeholders seek compensation for failures to protect data. But as this forces company directors to pay closer attention to these risks, the market is set to change for both Cyber and D&O liability.
Although the UK market has not yet reached a point where cyber liability insurance is a legal requirement, many feel that D&O liability insurance should be viewed this way. High-profile data breach cases in the US saw derivative lawsuits brought against directors, alleging they breached their fiduciary duties by failing to protect their customer information. One example is the case of the retailer Target, where as many as 40 million customers’ credit and debit card details were compromised and a further 70 million had their personal information stolen during 2013/14.
US activities have a knock-on effect on the volatility within the UK market. Although no cases of this size have been seen in the UK as yet, protecting against the possibility of such risks occurring is vital.
The EU General Data Protection Regulation changes are due to be released early this year (2016). The new rules will require EU companies and organizations to notify the national supervisory authority of serious data breaches as soon as possible, meaning more companies will come under the spotlight.
In addition to the new rules, much higher fines will be issued. Currently, firms face a maximum penalty of £500,000 from the Information Commissioner’s Office for serious breaches of the Data Protection Act. Under the new EU rules, the maximum fine will rise to €20 million or 4% of the company’s global annual turnover.
What does Cyber and D&O liability insurance cover?
Cyber policies offer a range of predominantly first-party cover to help companies recover after a cyber or data breach. Cyber liability cover often includes the following:
- Liability: privacy and confidentiality
- Copyright, trademark, defamation
- Malicious code and viruses
- Business interruption: network outages, computer failure
- Attacks, unauthorised access, theft, website defacement and cyber extortion
- Technology errors and omissions
- Accidental data breaches / human error
- Intellectual property infringement
- Crisis management
D&O provides third-party liability cover, protecting the directors and officers of a company from claims brought against them by stakeholders, including investors, employees or regulators. It often covers areas such as:
- Damages, judgements, settlements, crisis, PR, prosecution and defence costs
- Legal representation costs
- Costs arising from extradition proceedings
- Tax contributions where the company has become insolvent and personal liability ensues
- Actions between directors of the same company
- Employment-related wrongful acts
- Whistleblowing
- Pollution defence costs
Be cautious when combining policies
By combining these two policies, you could potentially limit the level of cover held over yourself and your company.
Say a company takes out a combined policy, covering both cyber and D&O, offering £20m worth of cover. If the company suffers a major cyber breach, it could easily use up the total amount of cover within the first few weeks dealing with the notification, forensics and reporting requirements.
If the costs escalate and the business becomes insolvent, the directors could face a rather problematic situation. If the company can’t indemnify the directors, their personal assets will be on the line.
This hypothetical scenario shows why it is important for firms to have both Cyber and D&O liability cover. As a chartered insurance broker, we understand the market and can arrange suitable cover.