Cyber-attacks, such as network intrusions, data theft and malicious damage to crucial systems, are now one of the key risks that UK boards seek to protect their companies against. However, some boards fail to consider that, in the event of an attack and the close scrutiny that follows, they may face significant personal liabilities, leaving directors and officers (D&O) personally exposed and increasingly concerned.
That concern is not unfounded. In 2014, approximately 81 per cent of large businesses and 60 per cent of small businesses suffered a data breach. As the attacks have become more prevalent and sophisticated, the costs of dealing with them have run into the millions for some. Against that backdrop, it is easy to see why cyber risk remains one of the most significant emerging threats facing companies in the UK.
Despite those figures, it is concerning that:
- around 26 per cent of D&Os do not consider cyber risk as part of their overall risk management strategy; and
- approximately 22 per cent of D&Os of smaller businesses 'don’t know where to start' with their cyber security.
In other words, there is a real risk that up to a quarter of boards have not properly addressed the risks posed by cyber threats to their companies, creating a personal exposure on the part of the D&Os. That exposure has not gone unnoticed by D&O underwriters, with US-based firm AHT Insurance reporting that 60 per cent of D&O underwriters now consider the consequences of a cyber-incident to be a major risk to D&Os.
For further information please contact Kurt Rothmann, Head of Management Liability, Financial Lines Group on +44 (0)20 7528 4961