Insurance Market Update 2: Directors and Officers Liability Insurance

In my previous blog, I looked at the importance for CFOs to take a deeper dive into the details of their subsequent business interruption insurance. Given the lessons learned during the COVID pandemic, it is imperative that CFOs continue to educate themselves on the shortfalls that standard form insurance policies as much as they do on the rising price of insurance premiums. And they need to act on this new left of knowledge to build a new, more creative, and inclusive template to guide future negotiations with insurers as well as strategic business development and comprehensive risk mitigation.

This blog looks at a second issue that has seen much more attention throughout the pandemic: Directors and Officers Liability (D&O) insurance.

What is D&O Insurance?

Defined as insurance that offers liability cover for company managers to protect them from claims that might arise from the decisions and actions taken within the scope of their regular duties, D&O insurance exists because managers can and do make mistakes. The typical coverage includes financial protection for managers against the consequences of actual or alleged “wrongful acts,” as well as covering the personal liability of company directors. 

Common D&O risk scenarios include:

• Employment practices and HR issues.
• Shareholder actions.
• Breach of fiduciary duties resulting in financial losses.
• Fraud or misuse of company funds.
• False, inaccurate, or inadequate disclosure.
• Decisions that step beyond the authority granted to a company officer.
• Failure to comply with laws or regulations.
• Risks associated with insolvencies, mergers and acquisitions, and intellectual property.
• Cyber-related claims.
• The growing impact of diversity, climate change, and environmental and social governance (ESG) factors.

The Need for Diligence

Two scenarios, in particular, have pushed D&O insurance into the forefront of every CFOs mind: employment practices (harassment and respectful workplace claims) and cyber breaches. Not surprisingly, insurers are reporting a significant rise in claims frequency and severity in these two areas. As I mentioned in my previous blog, a recent article in Enterprise Risk magazine noted that cyber incidents are among the top three issues that keep business leaders awake at night. 

Given the increasing prominence of the General Data Protection Regulation (GDPR) across all sectors of the global business environment, the various data protection laws that have come into force or are currently moving through legislative channels, these restless nights of not surprising.  

And even a passing look at some recent statistics highlights the reasons that D&O insurance should be high on a CFO’s priority list if it isn’t:

• Every 39 seconds a hacker attempts to access a computer with Internet access as per a University of Maryland study. (University of Maryland study). 
• 25,575 records are accessed in an average data breach according to IBM.
• 90% of known malware is delivered via emails. 
• And of the millions of breaches that occur annually, Verizon reports that 58% involve compromised personal data, which “includes email addresses, names, phone numbers, physical addresses and other types of data that one might find hiding in an email or stored in a misconfigured database.” 

As CyberCrime Magazine reports, “cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.

CFOs need to know that while stand-alone cyber policies are essential pieces of every business insurance portfolio, they likely cover things like forensics, ransom (from ransomware attacks), and the like. Directors and Officers are still vulnerable to lawsuits under most standard cyber policies. They can be sued, essentially, for lack of corporate governance; in other words, for not having run the company in such a way as to mitigate or block the risk of cyber attacks, data breaches, or ransomware attacks. 

Equally important to note is that such issues as workplace harassment, sexual misconduct, and toxicity can, in some cases, also expose company leaderships to lawsuits. In 2018, for example, Mark Cuban, the billionaire owner of the Dallas Mavericks, was ordered to pay $10 million to women’s leadership and domestic-violence organizations under an agreement with the NBA when the league uncovered systemic sexual harassment and other improper conduct among employees in the team’s front office.

And as Canadian Underwriter reported in December 2020, other issues are looming large on the horizon: 

“The megatrend of diversity, climate change, and environmental social and governance (ESG) factors is likely to cause a variety of civil suits in the future, Allianz Global Corporate & Specialty warned. Some American technology firms have been sued by shareholders alleging that the company’s board of directors violated their fiduciary duties by their inaction on diversity issues. In some instances, it is alleged by plaintiffs suing corporations that those corporations’ boards lack Black directors. In other cases, plaintiffs allege that companies have failed to adjust business practices in line with changing climate conditions.”

Types of D&O Coverage

Although coverage can be custom-built to address unique business needs, there are essentially three types of D&O insurance to be aware of:

1. A-side coverage covers directors and officers for defense costs, settlement fees, or judgments if the company cannot indemnify them.
2. B-side coverage covers the company for directors’, officers’, and employees’ losses when the company does indemnify them.
3. C-side coverage, which is sometimes called entity coverage, protects an incorporated company in its own right. Be aware that C-side coverage might reduce the limits available to protect the individual officers and directors.

Conclusion

The ongoing lessons being learned in an age of #MeToo and investor activism are profound and deeply felt. As I noted in my previous blog, today’s business can be disrupted radically, suddenly, and in ways many business owners cannot comprehend.

The bottom line: CFOs must continue to educate themselves on how best to protect their companies, directors, officers, and employees from the risks associated with the climate of social change in which business currently operates.