The white paper published by Airmic with support from Marsh and AIG (see link below) correctly points out that cyber and D&O risks are often closely intertwined.
One immediate example is shareholder class actions after a cyber attack has become public and the share price has dropped. Depending on the relevant jurisdiction, D&Os may, however, also be held liable by their companies for losses, damages paid to third parties or fines imposed on the company if they failed to implement adequate IT security or other organisational measures.
Finally, under some cyber policies, insurers might be entitled to reduce insurance benefits if the insured has caused the insured event (contributory negligence). If cyber and D&O policies are placed with different carriers, that may open a further field of discussion. Accordingly, I believe that the new study sends, once more, an important message to insureds as well as insurers and brokers that cyber and D&O risks will often go hand in hand and will require a strategic response from both angles.
It points out that there have already been several high-profile shareholder class actions resulting from cyber incidents, a scenario that puts companies’ D&O policies under the spotlight. It urges boards to “take a proactive approach to their insurance arrangements, ensuring that individuals and the company have adequate cover in the event of a cyber incident where a company and its senior management may face regulatory investigations or shareholder litigation.”