It is clear to most organizations they face a growing cyber threat and something needs to be done about it, but what happens if they don't?
The resulting loss of reputation, income and market positioning can be detrimental to an organization. Directors and Officers are subject to lawsuits brought by shareholders and regulators in the event of a cyber breach. Of course, this means the resulting lawsuit needs to be something that can be considering by the Director and Officers liability policy. In most cases Directors and Officers policies have not been modified to consider cyber based claims, opening a big "grey area" when it comes to paying for legal defense.
Most boards should consider taking the necessary steps to ensure they are adequately protected from a cyber breach. Allegations for failure to properly prevent a cyber breach can be costly Here are some steps to take:
1. Start the discussion - Surprisingly many organization have neglected to start the conversation around cyber security. It is time to bring the IT team to the discussion table to understand what is being done to proactively prevent cyber threats. Involve a professional risk manager in the conversation and consider using them for implementing a cyber strategy.
2. Update security practices - What is your organization doing to stay up-to-date when it comes to cyber security? Could you show all stakeholders you have taken the adequate steps to protect the organization from a cyber breach?
3. Insurance- It is surprising how many decision makers within an organization have no idea how their insurance policy will respond to certain events. A lot of that must do with finding the right professional to administer a Directors and Officers liability insurance policy. Even then, most, if any of the expenses from a cyber breach will not be covered by a Directors and Officers liability policy. There are various other products available in the market to cover for first and third party related incidents occurring from a cyber breach.
Has your board started or considered any of these points? As a director or officer of an organization personal assets can be on the line and that is the last thing you want to happen. Make cyber security personal and have your board start the discussion around cyber strategy.
What do you think?
The Base Team
Insurance made easy. How we can make insurance better for you?