Cyber insurance and directors and officers (D&O) liability insurance go hand in hand now that company business models increasingly revolve around technology, according to a white paper published by Airmic with support from Marsh and AIG.
Cyber incidents are dramatically on the rise, with AIG reporting as many cyber claims in 2017 as in the previous four years combined. There has been another significant jump so far in 2018 even before the impact of the General Data Protection Regulation (GDPR).
“The risk of cyber-attack is a constantly evolving threat, and, for most companies there is a recognition that it is not a case of ‘if’ but ‘when’ their organisation will be impacted,” says the report.
It points out that there have already been several high-profile shareholder class actions resulting from cyber incidents, a scenario that puts companies’ D&O policies under the spotlight. It urges boards to “take a proactive approach to their insurance arrangements, ensuring that individuals and the company have adequate cover in the event of a cyber incident where a company and its senior management may face regulatory investigations or shareholder litigation.”
The white paper’s author, Senior Management Liability Specialist at Marsh Eleni Petros, said insurers may now be looking more closely at companies’ cyber-security arrangements when underwriting a D&O risk.
“Apart from being best practice risk management, it is clearly going to make buying D&O insurance easier if you have done all you can to ensure that your technology is robust,” she said. “As the potential for D&O claims arising from technology failure continues to increase, the quality of your cyber risk management framework will determine how attractive you are to potential D&O insurers.”
Noona Barlow, Head of International Financial Lines Claims, AIG said: “We’re delighted to have been involved in putting together this report, which has highlighted how having both the right D&O and cyber cover and claims response is essential given the inter-connectivity of the two exposures. It’s clear that when buying D&O insurance the risk manager needs to take into account the almost-certainty that a cyber incident will impact the company at some point, and ensure senior management is aware of the importance of a robust cyber-security framework and effective insurance.”
“As our white paper points out, it is increasingly difficult to separate out cyber-related insurance from other types of risk such as D&O because technology has become so embedded in company business models,” said Airmic technical director and deputy CEO Julia Graham. “It is also a great illustration of how good risk management and insurance purchase are two sides of the same coin.”