
Top 7 risks - Directors and Officers Liability Survey 2023

By Eve Richards and James Cooper | March 30, 2023

Cyber, data loss and cyber extortion (the latter new last year) continue to be the highest ranked and in percentage terms are all significantly above other risks.

The top three risks to directors and officers (D&Os) remain unchanged from last year – cyber-attacks, data loss and cyber extortion – strongly emphasising that these risks are here to stay and present many challenges to D&Os. With the GDPR having been in force for a few years now, companies and D&Os have witnessed the significant fines that can be levied by data protection authorities following a breach, and the law is still developing on claims from data subjects. In addition, the first-party costs following a breach can be considerable and there is the prospect of third-party claims.

Top 7 risks for directors from the Directors' and Officers' Liability Insurance Survey 2022/2023

Table shows 7 year comparison. In 2021 to 2023 cyber attack dominated the number 1 spot. In 2018-2019 data loss took first place.
| Rank | 2018 | 2019 | 2021 | 2022 | 2023 |
| --- | --- | --- | --- | --- | --- |
| #1 | Cyber attack | Cyber attack | Cyber attack | Data loss | Risk of data loss/data breach |
| #2 | Data loss | Data loss | Data loss | Cyber attack | Cyber attack |
| #3 | Cyber extortion | Cyber extortion | Regulatory risk (including threat of fines and penalties) | Regulatory risk (including threat of fines and penalties) | Regulatory and other investigations |
| #4 | Regulatory risk (including threat of fines and penalties) | Regulatory risk (including threat of fines and penalties) | Risk of a health and safety/environmental prosecutions safety legislation | Litigation risk | Health and safety legislation |
| #5 | Health and safety prosecutions | Risk of a health and safety/environmental prosecutions safety legislation | Risk of employment claims | Focus of a social media campaign | Criminal and regulatory fines and penalties |
| #6 | Bribery and corruption | Your organisation being a victim of a crime | Focus of a social media campaign | Your organisation being a victim of a crime | Class action lawsuits against the company and its directors |
| #7 | Your organisation being a victim of a crime | Bribery and corruption | Your organisation being a victim of a crime | Risk of a health and safety/environmental prosecutions safety legislation | Employment practices claims |

Cybersecurity is, of course, of paramount importance but it can be very challenging to keep pace with the ways and means that attacks are perpetrated, meaning that regulatory actions for systems and controls failures (which have been a keen focus for financial regulators in recent years) can be added to the risk landscape.

Regulatory risk, more generally, continues to be of concern, and with good reason. In recent years there has been heightened scrutiny by more proactive and aggressive regulators (whose enforcement activity has largely rebounded following the pandemic), ever-increasing regulatory requirements and a keen focus on holding wrongdoers to account. Regulators continue to focus on tackling financial crime and market abuse, improving consumer protection, as well as having an increasing emphasis on ESG, including climate related risks, and crypto regulation. We can expect to see regulators flexing their powers in due course in relation to these emerging risks.

Despite the global focus on Corporate Social Responsibility and ESG being a hot topic in the boardroom, climate change has only featured in the top 7 risks for D&Os in two of the 6 regions surveyed - Great Britain and Australasia. Interestingly, though, climate change did feature as the number one risk within GB this year, ahead of cyber extortion, data loss and cyber-attack, which have dominated the top 3 risks within the region for the last 3 years running. It is clear any disclosure requirements create liability, but how companies and boards tackle the issue of complying with their ESG requirements will be as big a liability as not complying or reaching targets.

There are potentially huge knock-on effects to acting in the space, not only for the company itself but also in terms of people and economies. Boards will need to fully understand all this before acting or they could bear the brunt of claims arising from the mishandling of their ESG policies.

It is clear from the survey that D&Os are also apprehensive about criminal risks – both falling foul of criminal laws and organisations being a victim of crime, such as cybercrime. The risk of health and safety prosecutions came fifth on the top seven list.

Companies are under a duty to do all that is reasonably practicable to protect the health and safety of their employees and to provide a safe workplace. Failures in this regard can lead to significant fines being imposed and, in some cases, prison sentences handed out where there has been a particularly egregious failure. In England and Wales, D&Os can face prosecution if the offence has been committed with the consent, connivance, or neglect of the director(s) in question and many other jurisdictions carry similar provisions. Like most other public sector bodies, prosecuting authorities built up a backlog of cases during the pandemic which are now being brought to fruition, leading to high levels of activity. We shall have to see if these levels will be sustained or will taper off once there is some distance from the pandemic.

Bribery and corruption investigations are costly and often cross border, and prosecutors have been cooperating on an international level to stamp out the behaviour. In addition to direct offences, some jurisdictions, such as the UK, have enacted “failure to prevent” criminal offences for corporations, which could result in follow-on prosecutions for D&Os in the pursuit of a deferred prosecution agreement.

What the top seven list clearly shows is that D&Os are faced with a range of challenging exposures, which could lead to significant consequences. Risk management and the implementation of adequate systems and controls are key to preventing and mitigating these risks.

Authors

GB Head of Global FINEX D&O

Clyde & Co Partner
