Data breaches and rising activism put executives increasingly at risk

Executive liability continues to increase annually, due to new risks such as cyber incidents, rising regulator and shareholder activism and the influence of third party litigation funders, Allianz Global Corporate & Speciality (AGCS) said.

In its new report, D&O Insurance Insights: Management liability today, AGCS said non-compliance with laws and regulations is now the top cause of D&O claims by number, followed by negligence and maladministration/lack of controls.

The insurer said it observed a general trend for D&O claims to be dismissed or resolved more slowly, meaning lengthier litigation, increased defence costs and higher settlement expectations.

For example, the average US securities class action case takes between three and six years to complete while legal defence costs average around $10 million, rising to $100 million for the largest cases. In the past six years defence costs have almost doubled for large D&O claims in the US.

The number of security class action filings in the US is rising as well and, at mid-year, was on course for its highest annual total for 12 years. Many Asian countries such as Japan, Hong Kong, Thailand and Singapore are also moving towards a more litigious culture. The increase in claims has also been pronounced in Germany where the number of D&O claims for AGCS alone has tripled in the past 20 years.

Going forward, AGCS expects increasingly tough data protection rules to lead to more cyber security-related D&O litigation in the US, but also in Europe, the Middle East and Australia, if there has been negligence in any failure to protect data or a lack of controls.

“Many directors used to see cyber as an IT issue and not an exposure for the board to consider,” explained Emy Donavan, regional head of cyber liability North America at AGCS. “But there is no escaping cyber risks and directors need to be adequately informed, otherwise they will leave themselves exposed.”

Other new management risks include negative disclosures or allegations around environmental pollution, climate change and modern slavery which could result in reputational risks and shareholder activism, public outcry or governmental action, the insurer said.

To mitigate the increase in executive risk, companies need to develop a highly sophisticated risk management culture, AGCS explained. Examples include instilling first-class cyber and IT protection, keeping records of all information relevant to a managerial role and maintaining open communication with authorities, investors and employees. Executives should ask tough questions about compliance related topics such as sanctions, embargoes, domicile registrations, price-fixing and fraud and also learn more about ‘classic’ D&O exposures such as M&A, capital measures and IPOs.

“While the legal landscape differs strongly from country to country, increasing shareholder or regulatory action has become a global phenomenon that needs to be given top priority within companies’ internal risk management departments,” Bernard Poncin, global head of financial lines at AGCS, concluded.