We’re going to see more liability claims against directors and officers (D&O) over cyber incidents in 2018, according to Aon
’s cybersecurity arm, Stroz Friedberg.
While cyber D&O claims have been largely dismissed in the past, escalating cyberattacks and a regulatory clampdown mean D&Os are likely to be increasingly held responsible for the handling of cyber incidents, according to the newest report from the firm.
Currently, cyber events rank among the top three triggers for D&O derivative actions, but these claims are expected to intensify in 2018, the Stroz Friedberg report found.
“As the risk becomes more and more apparent, and as there is an increased knowledge and understanding of cybersecurity, privacy risks and concerns, there will absolutely be an increased duty of care and an increased expectation that our information will be safe when we give it to other people,” Shannan Fort, cyber expert at Aon
Risk Solutions, told Insurance Business.
There have been a handful of D&O cyber cases in the past, including perhaps the most high-profile, which saw executives at US retailer Target sued by shareholders after a cyberattack that affected approximately 110 million of its customers. But in 2018, liability claims will be ramped up as those affected seek to establish culpability.
“I think what we will continue to see, and not just for D&O, but for liability claims in general surrounding breaches, is that these cases will start to advance within the courts,” Fort said.
“As these breaches become more public, especially the really big ones, we are seeing people take any path possible in order to recoup losses, or to make sure that people are held accountable. That will continue to increase over the coming year.”
Heightened concern among executives over liability, and the financial and operational impact of cyber risk, will also drive changes in the insurance market, according to the report. As businesses demand more comprehensive cyber coverage, that coverage will reach beyond provisions in other policies, such as property, errors and omissions, and general liability, it said.
With an increased focus on accountability, organisations will have to demonstrate that they have followed best practices to protect both consumers and employees. This will lead to an increased focus on proactive measures, such as better data hygiene, bug bounty programs, and multi-factor authentication (MFA) becoming standard practice for a broader and more diverse set of companies.
D&O for SMEs becoming a key sell for brokers, says Zurich
: How do you insure the tech community for cyber risk?