D&O Liability: Three Emerging Areas to WatchD&O Product Leader at Marsh
As business risk evolves, the pressures on company boards and officers are growing. Gone are the days when the main concerns of directors and officers were related to company mismanagement and misrepresentation claims.
Chief among potential risks that boards must now deal with are: emerging technologies, cyber-risk issues and ever-expanding litigation against companies and their boards. Given the emergence of these three threats, it is imperative that board members review their directors and officers liability (D&O) insurance for any lapses in coverage.
Technology is advancing like never before, and businesses are using innovative technological tools to revamp everything from back-office processes to the products and services they deliver to customers. But with the excitement of new and arguably better solutions come a lot of unknowns.
Although artificial intelligence, blockchain technology, digital assets and quantum computing are all emerging technologies with business value, each also presents potential exposures that must be understood and addressed. These new innovations can give rise to exposures that are now only being discovered by courts of law and insurance companies alike, whether that is due to lack of regulation, the evolution of existing regulations to keep up with new technology, a company’s inability to keep up with the times or a board’s failure to properly disclose associated risks or costs.
For example, the failure to adequately disclose the potential risks associated with the implementation of AI or misrepresentations about those risks could lead to a D&O insurance claim.
Cybersecurity and Privacy-Related Issues
In the short history of cybersecurity exposure, boards have generally considered cyber-related loss to be a top risk for companies. The threats these incidents can pose to organizations, directors, and officers are becoming more apparent. The threats include an increase in:
- Securities class-action filings as stock drops associated with data breaches continue.
- Derivative lawsuit filings against directors and officers for alleged mismanagement or false or misleading statements related to cyber incidents.
Over the past year, we’ve seen greater regulatory scrutiny and activity in the cyber exposure space, and it is not limited to civil litigation. The Securities and Exchange Commission (SEC), for example, has settled enforcement proceedings arising from matters such as a company’s purported material misstatements and omissions regarding a large data breach and alleged failures in cybersecurity policies and procedures surrounding such a breach that compromised the personal information of thousands of customers.
We expect that the SEC and other regulators will continue to focus on cybersecurity threats and breaches going forward. In addition to breaches, privacy regulations — such as the General Data Protection Regulation in Europe — are a priority for all boards and a major area of focus for regulators.
For example, the Federal Trade Commission’s recent acknowledgment that it has the ability to penalize individuals for their respective companies’ privacy law violations is a reminder that individuals are not immune to these types of exposures.
In addition to liability concerns, cyber- and privacy-related issues can cause reputational harm. A rating agency recently downgraded its outlook on a company in large part because of breach-related issues. The impacts of cyber- and privacy-related exposures on companies and their directors and officers are only beginning to play out.
The market has seen 14 years of generally soft conditions, however over the last few quarters, we’ve seen a dramatic switch.
One need not look far to find significant litigation risks for businesses and their boards of directors. According to an analysis by NERA Economic Consulting, 83% of completed company mergers are met with litigation, and one in 12 publicly traded companies are expected to be sued in a securities class action suit this year.
What’s more, following the March 2018 U.S. Supreme Court decision in Cyan, Inc. v. Beaver County Employees Retirement Fund, companies going through initial or secondary public offerings are now more likely to be met with litigation in both state and federal court than before.
The world of corporate governance has changed. Business decisions are now closely scrutinized by the public. The use of email among company individuals forever preserves a record of discussions that once might have remained private. And actions taken in the public eye — including those through social media — can expose a company and its officers and directors to some form of liability.
Plaintiffs’ attorneys, meanwhile, become more resourceful every day; even those firms that were previously not feared have turned filing lawsuits into a factory business. And smaller to midsize companies that once barely caught the eye of the plaintiffs’ bar are now squarely in their crosshairs.
The Rise of Securities Class Actions
According to NERA, 441 new securities class actions were filed in 2018, the most in any year since the aftermath of the 2000 dot-com crash. 2018 was also the fourth consecutive year of growth in the number of filings, exceeding the 434 filings in 2017. In the first quarter of 2019, 118 securities class actions were filed; that puts us on track for 472 class actions this year and a fifth consecutive year of growth.
The heightened pace and total of securities class action filings that has continued into 2019 is, in part, attributable to the growing number of follow-on, event-driven securities litigation filings, as opposed to cases involving accounting misrepresentations and financial restatements that have historically made up the bulk of securities litigation.
Event-driven litigation occurs when some adverse event at a company triggers a securities claim — based either on a stock drop following the announcement of such an event or in the form of a derivative action thanks to an alleged breach of fiduciary duty. In addition to cyber-, privacy-, and sexual harassment-related, event-driven litigation, an array of other incidents have led to securities claims, including mass torts, product defects, product recalls, food safety issues, anti-corruption scandals and the California wildfires. These types of risks are difficult to predict.
The Cost of Litigation
The cost of litigating even a baseless case that is dismissed or settled early on can be significant, which has not gone unnoticed by D&O insurers. The more litigious environment coupled with years of falling premiums and expansions in coverage have brought the D&O market to a crossroads.
The market has seen 14 years of generally soft conditions, providing buyers with favorable premium pricing and broad coverage enhancements. Over the last few quarters, however, we’ve seen a dramatic switch. Premium increases are now commonplace, and policy negotiations have become more difficult as insurers face pressure on primary, excess, and Side-A — or personal asset protection — differences in condition pricing.
With the risks for directors and officers constantly becoming more numerous and complex, insurance is more important than ever. It’s vital to consult closely with your insurance and legal advisers to ensure the companies you serve have robust D&O insurance programs that protect both corporate and personal assets against these — and other — potential threats.
This piece was first published on the NACD blog