Cybersecurity Ranks as Highest D&O Liability Worry: Willis Towers Watson

July 22, 2018

Cybersecurity is the top directors and officers (D&O) liability concern for organizations today, while claims brought by employees, including claims for harassment or discrimination, and regulatory enforcement risks are also critical D&O exposures.

According to Willis Towers Watson’s 2018 Management Liability (Directors and Officers) U.S. Survey, the top D&O risks “in the coming year” include cyber incident/cyber claims (80%), claims by employees (55%), and regulatory and enforcement risks (48%).

Meanwhile, concern over investor claims ranked seventh among the top concerns, a finding the report said was “surprising” given the rise in shareholder activism and trends in securities class action filings.

Respondents also said D&O premium rates and any insurance program cost changes over the past year were primarily driven by company financial performance (39%) and industry risk profile (37%). Meanwhile, less than 30% of company respondents felt that cost changes were due to insurance market competition, “suggesting that market competition in pricing is less of a factor than it has been the last few years.”

In evaluating D&O insurance program priorities, a majority of companies (58%) ranked obtaining more favorable policy language as the most important change to their program this year. Looking ahead, coverage for investigations (including investigations of the organization itself) ranked as the most important primary coverage issue over the next three years. “Surprisingly, 77% of respondents consider entity investigation coverage important. Although, current purchasing habits do not appear to be aligned with that concern,” the report noted.

In reviewing claims experience over the past year, more than half of the respondents (55%) said their organization had “experienced” a lawsuit or demand by a current or former employee, but only 34% of those submitted claims for those experiences. Overall, the report found a significant portion of unreported claims across a range of experiences, including lawsuits by customers and cyber breaches, noting the “extent of unreported incidents is concerning and could jeopardize coverage due to late notice.”

“It is not surprising to see cyber risk ranked as the top concern,” said Rob Yellen, executive vice president, D&O and Fiduciary Liability product leader, FINEX North America, Willis Towers Watson. He cited the new General Data Protection Regulation (GDPR) and the California Data Privacy Protection Act, “combined with the potential for a bet-the-company crisis resulting in severe financial and reputational harm,” as elevating cybersecurity to a top risk management issue for directors and officers.

The survey was conducted January through April 2018 and includes responses from 77 executives from various publicly traded and privately held companies, representing a range of industries.

Source: Willis Towers Watson