The Responsibility Directors and Officers Have for Cybersecurity

Corporate cyber security is an issue that continues to grow in importance in modern society. Recent events have further showed that the threats to that cybersecurity are not going to diminish, but instead grow exponentially. In fact, in 2013, there were more than 63,000 incidents and more than 1,300 confirmed data breaches, which means that companies need to protect their directors and officers with directors and officers insurance to ensure the company’s continued success.


The Ponemon Institute, a data security research firm, estimates that the average cost to a company because of a data breach is $3.5 million. Without directors and officers insurance, the senior members of a company could be personally fined for these breaches, which would destabilize the company further.


The cost to protect a company against data breaches is ever growing, but so is the importance of protecting against them, because that cost would potentially be much higher. There are several negative side effects of a data breach such as:


  • Reputation risks – the image of a brand would decline if customers don’t trust a company or its directors and officers, which would in turn lead to a decrease in profit


  • Litigation risks – these risks and consequences of these risks include litigation as a result of direct consumer economic loss, shareholder litigation, violation of data privacy laws, potential tort liability for regulatory non-compliance, as well as a higher level of regulatory scrutiny following the incident


  • Insurance risks – companies need to ensure their general liability, errors and omissions, and directors and officers insurance policies cover the possibility of data breach to prevent any complications and increased fees that could occur if the policies do not cover them. Many companies make the mistake of thinking that commercial liability insurance policies will cover them, but typically, they only cover tangible losses.


  • Business and vendor risks – companies need to not only look at themselves for potential security breaches, but also to any businesses and vendors they partner with because if they are vulnerable to a security breach, it makes the initial company much more susceptible to a security breach if the partnering vendor is compromised in some way


Security breaches are increasingly common, but unless a company does something to protect itself and its directors and officers, it could lose everything in the blink of an eye without being proactive in preventing them.