Small Cyber Breaches Can Create Big Problems for Directors and Officers
High profile cyber breaches make great headlines. Sensational statistics, such as millions of affected individuals or hundreds of millions of dollars in exposure, can be heart-stopping. But, as the dust settles and the average private company executive returns to their duties, it is hard for him or her to truly understand what these losses mean.
Smaller cyber breaches do occur more frequently than what is reported in the news, and they have a severe impact on businesses. The expenses of speaking to a breach coach, hiring a forensic investigator and providing legally required breach notices can mount quickly. Additional third party liabilities arising from a breach can be even more costly.
The real question is what exposures do private companies and their directors and officers face in regard to cyber liability and what can they do about it?
One exposure that is often overlooked is the breach of duty. Just as directors and officers owe the duty of care and loyalty to their organization, they also owe the duty of oversight. This oversight is not exclusive to financial performance. Cyber security falls within this duty. Should shareholders believe that the directors and officers breached this duty, they may be inclined to bring a claim on behalf of the organization.
Cyber security is becoming a common topic of discussion in the boardrooms of public companies as they recognize that cybersecurity risks rival financial accounting exposures. What happens in the public company sphere eventually makes its way, in one form or another, into the private company segment. It’s important for senior leaders of private companies to take note regarding how their public company counterparts are reacting to cybersecurity.
The federal government is weighing in on corporate oversight of cybersecurity. On December 17, 2015, a bill was introduced in the U.S. Senate called the Cybersecurity Disclosure Act of 2015. The bill, if passed, would require the disclosure, by public companies, of the expertise and experience of the individuals sitting on the board of directors, or any lack thereof. The introduction of this legislation emphasizes the need for directors and officers to pay attention to this exposure.
What should directors and officers do?
- Demonstrate they are taking cyber risk security seriously by: having a plan; discussing cyber security in board meetings including review of company practices; educating senior executives and other employees; and hiring a Chief Information Officer or an individual with experience in cyber security
- Consider the purchase of both directors and officers and cyber liability as a necessary part of their risk management strategy
- Review their directors and officers policy for privacy breach expense coverage
- Review their directors and officers policy for a cyber liability exclusion; if one exists, ensure there is a carve back for securities claims
Your clients can protect themselves from these exposures with the following coverage from Devon Park Specialty:
- Directors and officers liability via the Executive ViewPoint (EVP) policy
- Cyber coverage via the Errors and Omissions, Media, Privacy (EMP) policy
Our EVP policy not only provides market leading directors and officers coverage, but it also provides:
- $100,000 sublimit for privacy breach expenses
- Coverage for securities claims arising out of a privacy event
Our EMP policy provides first and third party cyber coverage with:
- Up to $5 million in limits for all coverage parts
- Full limits for all coverages including regulatory actions and business interruption
- Coverage for full prior acts for first time buyers
Big or small, private companies need protection from cyber breaches to protect the assets of their board members. Contact your Devon Park Specialty underwriter to learn more about our solutions for this coverage need.
As always, thank you for your support and business.
Written by and contact Stephen Easley,
Second Vice President, Team Leader | 888-523-5545 Ext. 2536
September 15, 2016