
Directors and officers – tough at the top

Submitted by Dean on 19 September, 2019 - 12:19 with 0 comment


Directors and officers today face a challenging environment. With tightening regulation and emerging technologies, executive liability is increasing, especially in the cyber arena. And despite an ever-increasing series of cyber-attacks on businesses (a quarter report a breach at least once a month), only 17% of firms have had their staff undertake cyber security training in the past twelve months. [1]

With this increase in the severity of attacks and the related business interruption costs, directors and officers are under pressure to adapt procedures to ensure complete oversight of cyber security in the face of the increased risk of cybercrime. Not doing so could leave them, or their data protection/information security officer, exposed to claims related to misconduct, breaches of duty or negligence.

Rules around data protection are becoming more stringent. The penalties for non-compliance are severe and are increasingly having an impact on businesses. A cyber incident results not only in financial damage, from the cost of rectifying the issue to business interruption costs, but also in potential reputational damage and regulatory action.

There is a wide range of scenarios in which a director or IT Security/Data Protection Officer could be considered negligent and taken to court. One example is a vulnerable network being compromised, leading to business interruption, property damage, or the loss or theft of customer data.

Growth in outsourcing and cloud computing is also creating exposures. With only 13% of businesses setting a minimum cyber security standard for their suppliers [2], a breach could result in litigation if the directors failed to ensure appropriate due diligence.

The introduction of the General Data Protection Regulation (GDPR) in 2018 will increase directors' and officers' liabilities for data breaches or personal data misuse in Europe [3]. France and Italy have already taken steps to make directors liable if they fail to take reasonable measures to prevent a data breach. With some uncertainty around this area within the UK, there is potential for a case to be made that a director gave insufficient attention to cyber security.

To mitigate the increase in exposure in this area, directors should have a superior risk management culture, including encouraging sophisticated cyber and IT risk management. Cyber security should be recognised as good business practice rather than an IT issue, with a culture that emphasises customer confidentiality.

Some insurers, including Allianz Insurance, have extended the definition of insured persons to include data protection officers under their Directors & Officers (D&O) covers. This reflects the changing needs of the market. The proposition also includes a new Employment Practice Liability helpline, which can provide legal advice on typical employment matters or grievance issues.

[1] Gov.uk – Cyber Security Breaches 2017

[2] Information Commissioner’s Office

[3] Allianz Global Corporate & Specialty

So speak to us today on 02920 626 226 or email to see how we could help you.


About Us

Watkin Davies Insurance Consultants are one of Wales’ largest Independent Insurance Brokers, established in 1978 by Roger Watkins. Since this time we have become one of the leading Commercial and Personal Insurance Brokers in the region and the trusted insurance advisor to hundreds of Welsh and UK businesses and individuals.
