More than 5% of public companies this year said that they had experienced either a significant cyber-attack or a sizeable data loss in the past year, compared to only 30% in 2017

Cyber-attacks and data loss/breach top the list of risks which are causing directors most concern, according to Willis Towers Watson and Allen & Overy, sixth annual Directors’ liability report, D&O: Personal Exposure to Global Risk

These risks have overtaken regulatory and other investigations as the most concerning for directors.

The report found that 51% of public companies this year said that they had experienced either a significant cyber-attack or a sizeable data loss in the past year, compared to only 30% in 2017.

When asked to prioritise the risks facing their businesses, more than half (52%) described the risk of data loss, data breach or risks associated with the EU’s new General Data Protection Regulation (GDPR) as very or extremely concerning.

Exactly 50% ranked cyber-attack as causing them the same level of anxiety. When combined – as the two risks are inter-related – they become a huge concern for business leaders. The recent fines imposed on supermarkets and the continuing reputational damage as a result of such breaches, supports how seriously these are taken.

Other key survey findings:

  • Some 43% of large employers and 38% of listed companies have experienced a regulatory claim involving a director in the last 12 months; regulatory investigations therefore remain unsurprisingly in the top three risks;
  • The regulatory focus on personal accountability is changing company behaviour, with 60% saying it is impacting decision-making processes;
  • Some 72% of public companies are worried about the current economic climate and 72% about geopolitical risks – an increase from the 59% who felt geopolitical uncertainties created a significant risk last year;
  • Health and safety legislation impacting on a company’s business is now a significant concern for 37% of respondents, as against just 18% of those surveyed last year.

Francis Kean, executive director, FINEX, Willis Towers Watson said: “It is the breadth as well as the depth of the concerns expressed by senior managers in this survey which is striking. From health and safety to criminal activity and from increased risk of employment claims to climate change the spectrum of potential sources of liability for directors is wider than it has ever been. For the first time, the presence of an active and increasingly sophisticated plaintiff’s bar ready to bring claims against directors anywhere in the world also features as a key concern. Sitting on top of all this is the almost daily reality for companies of cyber-attack or the risk of serious data loss. Never has there been a more important time for directors to understand the personal liability protections available to them.”

Joanna Page, partner and head of A&O’s Insurance Litigation group commented: “Seven years on from the launch of our first report focusing on directors’ liabilities we can clearly see that conditions have become increasingly challenging for company directors. High-ranking individuals in public and privately-held corporations face unprecedented scrutiny and bear the brunt of global enforcement efforts by regulators to combat corporate failings. For the first time, we see concerns dominated by the threats of cyber-attack and data loss – fears that are not new but are rapidly moving up the agenda. If you are a senior manager or director, it is important to be entirely comfortable about the scope of your personal liability protection. Be clear on your own responsibilities and reporting lines and brace for the renewed regulatory focus on individual conduct.”