D&O insurance underwriters are being challenged to better understand the companies they work with, as emerging issues in governance — such as cyber and ESG — blur the boundaries of coverage.
Richard Clarke (pictured), chief insurance officer at Colonial Surety Company, has years of experience with D&O insurance and has said that “there are many more questions underwriters need to ask to make sure they have a clear view of potential losses when writing a policy.”
“They are also tasked with knowing exactly what should be included in a specific D&O policy and must avoid using vague phrasing that could be interpreted otherwise.”
Clarke spoke with Insurance Business about how cyber and ESG-related business standards are re-shaping the underwriting process for D&O coverage and creating a more informed, if more cautious, policy.
At its core, D&O insurance is meant to protect against managerial malpractice rather than safeguarding C-suite level employees during a crisis that extends beyond the limitations of its coverage.
The threat of cybercrimes has introduced new caveats to be aware of when writing D&O policies, especially in the aftermath of the Equifax data breach from 2017.
The credit bureau was victim of a colossal cyber heist, where the private records of 147.9 million Americans, 15.2 million Brits and 19,000 Canadians were compromised as a result.
When reviewing the Equifax’s insurance policy, it was revealed that there was no specific clause in the D&O coverage that outright excluded cyber-related incidents.
“Vague phraseology allowed C-suite level employees to receive some sort of coverage in lieu of this data breach, something that the insurers did not want to be misrepresented as distinct cyber coverage,” Clarke said.
Effectively afterwards, insurers began tightening its underwriting to ensure that cyber coverage was specifically removed from any D&O policy, even in instances where ineffective wording can be interpreted as such.
“Now, you’re going to have to purchase sufficient cyber insurance to protect yourself,” Clarke said. “This was an instance of D&O insurers redefining their limitations and reinstating that they are not providing specific cyber coverage.”
Most insurers have made a steep pivot in this direction and have begun to carve out a more distinct product offering. For example, “in a separate cyber policy, the listing of insured persons would include directors and operators in the case that they are alleged to have provided poor leadership with respect to the protection and security of the organization,” Clarke said.
However, if an insurer has not yet written a more exclusionary D&O policy, it can argue that “the organization did not have comprehensive cyber coverage and can sue management for their inability to provide adequate protection,” Clarke said.
D&O coverage is also being challenged by the adoption of ESG-related business practices. Now, underwriters must be mindful of a multitude of concerns including changing environmental regulations, workers’ safety, potentially detrimental business practices and many others.
For example, Clarke used pharmaceutical and biotechnology company Bayer to highlight this issue of complex underwriting concerns. Bayer, a producer of aspirin, also has a division that produces pesticides, some of which are extremely powerful and lethal if not handled properly.
“In this instance, an underwriter will have to approach D&O policies in a much different way to ensure that the directors and officers have strong regulations that will prevent dangerous cross contamination or any threat to workers handling these chemicals,” Clarke said.
These new emphases on human and environmental health, while vital, mean that underwriters must be engaged with the history and innerworkings of a business with a keen attention to detail and an increased risk management mindset.
Furthermore, there is also the complexities of how annual aggregate amounts have affected policy pricing. Unlike auto insurance, where there is the potential for defense funding outside of defined limits, D&O policies have a fixed amount of money allocated to pay for covered claims and any defense related to them.
“All of these factors culminate into a more difficult job for underwriters who are trying to write policies,” Clarke said. “They now have to do a lot more research and then decide how they are going to price a policy accordingly.”
“You can't refuse to take any risk or you're not going to have any premium to pay the claims that are mostly inevitable. You've got to strike a happy medium.”
