Cyber ranks highest among directors’ concerns in a crowded field

woman using a tablet in a dark stairwell

Hot off the press, our latest Directors’ Liability Survey and review of the legal and regulatory landscape affecting directors and senior executives makes for fascinating reading. This is the sixth collaboration between Willis Towers Watson and international law firm Allen & Overy and it’s our largest ever. We polled 161 senior managers in the U.K. and beyond.

It’s the breadth rather than the depth of the concerns expressed by senior managers in this survey which is striking. From health and safety to criminal activity and from increasing employment claims and the risk of insolvency to climate change and regulatory risk, the spectrum of potential sources of liability for directors is wider than it has ever been. For the first time, the presence of an active plaintiff’s bar ready to bring claims anywhere in the world against directors also emerges as a new concern. Among some of the most eye catching findings in this year’s survey are:

  • 44% of companies have experienced either a significant cyberattack or a sizeable data loss in the past year (up from just 24% last year)
  • 75% of U.K. directors point to growing economic and geopolitical risks having an impact on their firms compared to just 47% for non-U.K. respondents
  • 62% of respondents identify the issue as to whether a D&O (directors and officers) policy will respond to claims in all jurisdictions as their chief concern

Taking this last finding first, it’s intriguing that for the first time in six years this issue of policy response around the globe has such prominence. It may be due to a combination of the general concern that liability exposures are becoming more international together with worries (in the U.K. at least) around Brexit and the loss of passporting and perhaps also recognition of the growth of an increasingly mobile plaintiffs’ bar. In the report we devote a section to this phenomenon from which you can see that, in the U.K. alone, estimates put the size of litigation funders at well in excess of £1.5 billion. That’s a lot of money with which to pursue claims including against directors.

The findings about cyberattacks and data loss are unsurprising, but both the scale and severity of the incidents are. On top of that, 52% of those surveyed cited the EU’s new General Data Protection Regulation as very or extremely concerning. Of course we have yet to see the impact of these new laws. As my colleague Anthony Dagostino, global head of cyber risk at Willis Towers Watson puts it in the report: “Cyber resilience starts with the board because they understand risk and can help their organizations set the appropriate strategy to effectively mitigate that risk.” Of course with that power also comes responsibility.

Together with Allen & Overy, we’ve used the survey as an opportunity to conduct a review of the legal and regulatory landscape and, in that context, have unearthed some important statistics pointing to increasingly active regulators and criminal prosecutors. For example, the number of notices to compel production of documents issued by the U.K.’s Serious Fraud Office has increased by 41% last year to 1,032. Also the number of investigations opened by the Financial Conduct Authority increased from 247 in 2016 to 527 in June 2018. The increasing focus by the authorities both in the U.K. and beyond on tax evasion and its less sinister but still significant cousin, tax avoidance, is another area of concern focused on in the report.

Finally the chapter dealing with liability protections repays more than a casual glance. We touch on the subject of hardening insurance market conditions before providing some practical tips and checklists both with regard to insurance and indemnities. On the questions of key concern to our interviewees, I found of particular interest the divergence of opinion as to priorities between those responsible for the purchase and administration of D&O policies and the end users (i.e., the directors themselves). That will be the subject for a future blog, but in the meantime I commend this report to you.

About Francis Kean

Francis is an Executive Director in Willis Towers Watson's FINEX Global, where he specializes in insurance for Dir…
Categories: Cyber Risk, Directors & Officers | Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *