Willis: Boards Must Be More Aware of Cyber Liability

NU Online News Service, March 16, 10:34 a.m. EDT

Company directors do not realize the full threat of their cyber-liability exposure, and they must be more aware of the legal hazards they face or risk litigation from investors and regulators, says an insurance broker.

Speaking at the Advisen Cyber Liability Insights Conference hosted by Willis in London on Tuesday, Francis Kean, Willis Group Holdings executive director in the firm’s FINEX Global Unit, warned that boards must understand how exposed their companies are to the digital-threat environment following recent Securities and Exchange Commission guidance on disclosure of cyber-attacks.

“The SEC guidance is a useful wakeup call to the risks of data breaches for boards everywhere, but they now have a delicate balancing act,” Kean says. “The problem with exposing cyber breaches is you don’t want to provide a route map to hackers or potential plaintiffs down the road, but you also don’t want to expose yourself to a shareholder class action.”

Kean stressed the need for boards to understand emerging cyber threats, saying, “There is a whole universe of potential cyber risk not understood at a board level. This, in turn, creates a risk that directors will fail to discharge their duty of care and duty to promote the success of the company. Their fiduciary duties require them to gain some understanding of the cyber threat faced by their companies and to ensure adequate and proportionate procedures are adopted to mitigate the consequences of a serious data breach.”

The SEC guidance was issued last October in response to concerns that it was hard for investors to assess security risks if companies fail to disclose data breaches in their public filings.

There are five specific disclosure areas addressed in the guidance:

  • Pre-attack exposure analysis.
  • Cyber incidents.
  • Exposure to the firm in description of business.
  • Legal proceedings.
  • Financial statement implication.

On another panel at the event, Jeremy Smith, Willis’ cyber liabilities practice leader, discussed the development of cyber-liability insurance, saying, “The convergence of cyber coverage in recent years was largely due to a lack of sophisticated claims data and significant increases in cybercrime.”

However, Smith noted that brokers are now pushing for further innovation from the market and have managed to secure additional coverage for Payment Card Industry fines (an independent body created by the major credit-card companies that have set information-transmission standards), third-party vendors and terrorism.

Advanced Persistent Threats (APTs), such as theAuroravirus and Nightdragon, are the next challenge for the insurance industry, according to Smith. “APTs are sustained attacks designed to steal intellectual property over a number of years. The insurance industry hasn’t fully tackled this threat yet, but I hope that brokers and insurers will find a solution together in the future.”

Smith went on to warn that companies with large exposures should consider tailored cyber policies.


Resource Center

View All »

Get $100 in leads with $0 down!

NetQuote's detailed, real-time leads have boosted sales for thousands of successful local agents across the...

D&O Policy Definitions: Don't Overlook These Critical Terms

Unlike other forms of insurance where standard policy language prevails, with D&O policies, even seemingly...

Environmental Risk: Lessons Learned from Willy Wonka and the Chocolate...

Whether it’s a chocolate factory or an industrial wastewater treatment facility, cleanup and impacts to...

More Data, Earlier: The Value of Incorporating Data and Analytics...

Incorporating more data earlier in claims lifecycles can help you reduce severity payments by 25%*...

How Many Of Your Clients Are At Risk Of Flood?

Every home is vulnerable to flooding. Learn four compelling reasons why discussing flood insurance with...

Gauging your Business Intelligence Analytics Capabilities and the Impact of...

Big Data, Data Lakes and Data Swamps, How to gauge your company's Big Data readiness....

Extending Contact Center Capabilities Across the Insurance Enterprise

Today advancements in technology are making a big impact on business and society. To yield...

Drug and Alcohol Testing Requirements

In this two-part series, NBIS Risk Management team will break down the requirements to assist...

Why Cyber Liability is Essential for Human Service Organizations

For traditional low-tech operations, information is often compromised in ways that don't involve technology. Access...

A Solution for Large Commercial Habitational Accounts

6 Reasons to place your LARGE Habitational Accounts with Dauntless.

Risk Management Report eNewsletter

Identify problems involving emerging risks, reinsurance, and business interruption with help from Risk Management Report - FREE. Sign Up Now!

Advertisement. Closing in 15 seconds.