Bradley attorney Brendan Hogan was quoted in Insurance Business America on how cyber breaches in 2018 impacted D&O liability insurers. As organizations continue to face small and large-scale cyberattacks, the danger lies in how management responds, or doesn’t respond, to cyber breaches of sensitive data.
“Many of the recent incidents have involved breaches that initially occurred some time ago, and we’re starting to see the typical shareholder plaintiffs’ firms begin to bring actions or consider bringing actions related to management response to those claims. That’s a different type of claim than we’ve seen so far relating to cyber breaches and to cyber incidents,” said Hogan. “No one’s been successful in those actions yet, but from a D&O insurance perspective, the fact that they're starting to bring them is almost as concerning because of the high defense costs that are often associated with those types of actions.”
“We haven’t seen public regulatory action to a large degree yet in response to GDPR, but I think that it’s just a matter of time before that happens, especially with recent events in the news,” he added. “It’s an evolving area and I think that the regulatory action is certainly not going to go away. We expect that it’ll continue to expand in the coming years, and obviously making sure that your D&O policy is, as a policyholder, appropriately structured to provide coverage for regulatory investigations is important.”
A common point of concern that comes up when Hogan works with clients is also important for brokers and agents to note as they help insureds understand their D&O policies.
“One thing that we often are asked about and help our clients with is how the term ‘claim’ is defined in their D&O policy because, as a policyholder, you have to make sure that the first time one of your employees or board members receives a subpoena relating to an investigation, that that’s covered under your policy,” Hogan explained. “You don’t want to have to wait until the formal charges are filed – that’s likely many months after the investigation begins and many months of defense fees and attorney costs that haven’t been picked up by insurance if your policy is structured the wrong way.”
“Almost every company has some sort of cyber exposure now, so companies in areas that are not as highly regulated need to start thinking more clearly about how those terms are defined in their policies, and their agents and brokers should do so as well,” Hogan said. “That’s something that can be done fairly easy in the renewal process or in the placement process.”
The complete article, “Sharper Scrutiny of Business Leaders Will Soon Have Implications for D&O Insurers,” first appeared in Insurance Business America on January 30, 2019.