The risks for businesses are constantly evolving, and
the pressures on company boards and officers are continually growing. Gone are
the days when directors’ and officers’ main concerns were related to company
mismanagement and misrepresentation claims. Chief among the potential risks
boards must now deal with are emerging technologies, cyber-risk issues, and ever-expanding
litigation against companies and their boards. Given the emergence of these
three threats, it is imperative that you and your fellow board members review your
directors
and officers liability (D&O) insurance for any
lapses in coverage.
Emerging Technologies
Technology is advancing like never before, and
businesses are using innovative technological tools to revamp everything from
back-office processes to the products and services they deliver to customers.
But with the excitement of new and arguably better solutions come a lot of
unknowns.
Although artificial intelligence (AI), blockchain technology, digital assets, and quantum computing are all emerging technologies with something to offer businesses, each also presents potential exposures that must be understood and addressed. Whether it’s the lack of regulation, the evolution of existing regulations to keep up with new technology, a company’s inability to keep up with the times, or a board’s failure to properly disclose associated risks or costs, these new innovations can give rise to exposures that are now only being discovered by courts of law and insurance companies alike. For example, the failure to adequately disclose the potential risks associated with the implementation of AI, or misrepresentations about those risks, could lead to a potential directors and officers (D&O) insurance claim.
Cybersecurity
and Privacy-Related Issues
In the relatively short history of cybersecurity exposure, boards have generally considered cyber-related loss to be a top risk for companies. The threats these incidents can pose to organizations, directors, and officers are becoming more apparent. Those threats include an increase in:
Securities class-action filings as stock drops
associated with data breaches continue.Derivative lawsuit filings against directors
and officers for alleged mismanagement or false or misleading statements related
to cyber incidents.
Over the past year, we’ve seen greater regulatory scrutiny and
activity in the cyber exposure space, and it is not limited to civil litigation.
The Securities and Exchange Commission (SEC), for example, has settled
enforcement proceedings arising out of matters such as a company’s purported
material misstatements and omissions regarding a large data breach and alleged
failures in cybersecurity policies and procedures surrounding such a breach
that compromised the personal information of thousands of customers. We expect
that the SEC and other regulators will continue to focus on cybersecurity
threats and breaches going forward.
In addition to breaches, privacy regulations—such as the General Data Protection Regulation in Europe—are a priority for all boards and a major area of focus for regulators. For example, the Federal Trade Commission’s recent acknowledgment that it has the ability to penalize individuals for their companies’ privacy law violations is a reminder that individuals are not immune to these types of exposures.
In addition to liability concerns, cyber- and privacy-related issues can cause reputational harm. A rating agency recently downgraded its outlook on a company in large part because of breach-related issues. The impact of cyber- and privacy-related exposures on companies and their directors and officers are only beginning to play out.
Litigious
Environment
One need not look far to find significant litigation risks for businesses and their boards of directors. According to an analysis by NERA Economic Consulting, 83 percent of completed company mergers are met with litigation, and one in 12 publicly traded companies are expected to be sued in a securities class action suit this year. What’s more, following the March 2018 US Supreme Court decision in Cyan, Inc. v. Beaver County Employees Retirement Fund, companies going through initial or secondary public offerings are now more likely to be met with litigation in both state and federal court than before.
The world of corporate governance has changed. Business decisions
are now closely scrutinized by the public. The use of email among company
individuals forever preserves a record of discussions that once might have
remained private. And actions taken in the public eye—including those through
social media—can expose a company and its officers and directors to some form
of liability.
Plaintiffs’ attorneys, meanwhile, become more resourceful every
day; even those firms that were previously not feared have turned filing
lawsuits into a factory business. And smaller to midsize companies that once
barely caught the eye of the plaintiffs’ bar are now squarely in their
crosshairs.
According to NERA, 441 new securities class actions were filed in 2018, the most in any year since the aftermath of the 2000 dot-com crash. 2018 was also the fourth consecutive year of growth in the number of filings, exceeding the 434 filings in 2017. In the first quarter of 2019, 118 securities class actions were filed; that puts us on track for 472 class actions this year, and a fifth consecutive year of growth.
The heightened pace and total of securities class action filings that
has continued into 2019 is, in part, attributable to the growing number of
follow-on, event-driven securities litigation filings, as opposed to cases
involving accounting misrepresentations and financial restatements that have
historically made up the bulk of securities litigation. Event-driven litigation
occurs when some adverse event at a company triggers a securities claim—based either
on a stock drop following the announcement of such an event or in the form of a
derivative action thanks to an alleged breach of fiduciary duty. In addition to
cyber-, privacy-, and sexual harassment-related,
event-driven litigation, an array of other incidents have led to securities
claims, including mass torts, product defects, product recalls, food safety
issues, anti-corruption scandals, and the California wildfires. These types of
risks are difficult to predict.
The cost of litigating even a baseless case that is dismissed or
settled early on can be significant, which has not gone unnoticed by D&O insurers.
The more litigious environment coupled with years of falling premiums and expansions
in coverage have brought the D&O market to a crossroads. The market has seen
14 years of generally soft conditions, providing buyers with favorable premium
pricing and broad coverage enhancements. Over the last few quarters, however,
we’ve seen a dramatic switch. Premium increases are now commonplace and policy
negotiations have become more difficult as insurers face pressure on primary,
excess, and Side-A—or personal asset protection—differences in condition
pricing.
With the risks for directors and
officers constantly becoming more numerous and complex, insurance is more
important than ever. It’s vital to consult closely with your insurance and
legal advisors to ensure the companies you serve have robust D&O insurance
programs that protect both corporate and personal assets against these, and
other, potential threats.
Sarah Downey is the D&O product leader at Marsh.