Although cyber related claims on D&O insurance policies are still relatively rare, they are nonetheless increasing in importance, as class action litigation becomes a consequential risk of proliferating cyber-crime incidents. Policies tailored specifically to cyber risks are in an early stage of evolution and the wrinkles are still being ironed out. Insurance professionals are still learning the best approaches and responses, often in reaction to a major event, and insurers have not had enough time to adequately model and set appropriate premiums given the fast changing and multi-jurisdictional threat of cyber-attacks.
They currently face the significant challenge of modelling risk in an actively developing area where the applicable laws are generally no more than ten years old. The threat posed by cyber-breaches has been changing faster than the security measures used to counter them can keep up. Applicable D&O policies, therefore, can quickly become outdated and the policy language has to be changed to cover new risks. Risk can be more reliably managed in contexts of either small/frequent or large/rare claims. Cyber D&O coverage, however, poses the significant underwriting challenge of limiting risk with respect to claims which are potentially both frequent and large, in the face of a legal and technological environment in active flux.
The scope of D&O cyber-liability litigation is also poised to change as the current experience, which has been generally limited to consumer class actions and security holder derivative actions, could be further complicated by issues of intellectual property loss and devalued company assets given the increasing severity of data breach consequences. D&O might well be caught unprepared for these intellectual property issues, since patent infringement is often excluded by cyber insurance, as it can be covered by IP insurance, and defence costs are also generally limited to claims arising from acts committed by non-management personnel.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.