General Insurance Article - Directors and officers liable for cyber attacks warns Marsh


According to Marsh, a global leader in insurance broking and risk management, company directors and officers need to be certain of their responsibilities relating to the prevention or management of a cyber event, or else they run the risk of being held personally liable should an attack against their firm occur.

 Under many regulatory regimes, directors and officers have extensive responsibilities to implement systems and controls to manage their company’s data usage. If, following a cyber attack, it is found that they have breached these fiduciary duties, company directors and officers could be personally exposed to lawsuits, shareholder class actions and regulatory activity.
  
 Beth Thurston, head of Management Liability, Financial and Professional (FINPRO) Practice, Marsh, said:
 “Management boards should develop cyber strategies that take these legal obligations into account. However, it is clear from recent high-profile cases that such strategies must be more than a box-ticking exercise – the management of cyber risk now needs to be an intrinsic part of day-to-day life for management boards.”
  
 According to Marsh, there is an abundance of capacity in the UK insurance market for directors and officers liability (D&O) insurance. With the exception of financial institutions, rates for D&O insurance have declined on average by 0%-10%, or have remained stable, in the last 12 months. As a result, clients are increasingly utilising the cost savings on their current programme to purchase larger limits of D&O insurance.
  
 Eleni Petros, a senior vice president in Marsh’s FINPRO Practice, said:
 “Although the UK D&O insurance market is still highly competitive, insurers are acutely aware of the impact cyber-related claims can have on their margins. As a result, underwriters are scrutinising their clients’ policies and procedures to establish a clearer picture of the understanding and management of cyber risk at board level.
  
 “Typical D&O policies are very broad and cover individual directors for all acts, errors, and omissions arising from their conduct as directors, which could include matters relating to a cyber incident. Cover may also be available for the company itself in the event of shareholder litigation, but insureds should check that there is no cyber exclusion, which would mean that no insurance cover is available for a cyber incident.
  
 “Directors and officers should take a proactive approach to managing their insurance arrangements. By ensuring that they have adequate cover in place, they can personally protect themselves from the impact of regulatory investigations or shareholder litigation following a cyber incident.”

Back to Index


Similar News to this Story

IPT receipts for 2024 to 2025 hits over GB7bn in January
According to this morning’s HMRC data, Insurance Premium Tax (“IPT”) receipts stood at £853 million in January 2025, bringing the 10-month total for t
Unlocking the potential of IFRS17 insights and opportunities
As mentioned in part one of this blog series, IFRS 17 has reshaped financial reporting for insurance contracts since its implementation on 1 January 2
Lack of expertise main barrier to AI adoption in insurance
A lack of expertise within insurance companies is the biggest challenge to implementing artificial intelligence (AI) technology. As AI has the potenti

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.