Print
This year’s PLUS (Professional Liability Underwriting Society) annual conference, held last week in Las Vegas, Nevada, provided insight on the issues underwriters are facing related to cyber liability and data breaches in the context of directors and officers insurance policies. Based on comments made during the conference, underwriters appear to be particularly concerned with a potential increase in cyber liability/data breach claims against corporate directors, board members and officers. Also causing the concern is the fact that corporations are not required to provide a substantial amount of information concerning the potential cyber risks they face. For example, an article in the November 9, 2014 edition of Business Insurance reported that during the PLUS conference, Shanda Davis, D & O product manager for Travelers Insurance, was quoted as saying “unlike other aspects of D & O underwriting, insurers cannot rely on public filing or use them as a resource because they do not contain detailed cybersecurity information.”
Underwriters’ concerns may be warranted. The SEC merely provides guidelines as to what information should be provided for an appropriate disclosure related to a corporation’s cybersecurity risk. As it stands, there are no express rules or regulations concerning what information a corporation is required to provide regarding potential cybersecurity risks. Therefore, while the key to coverage for these claims will be the strength of the underwriting, assessing the risk will be difficult without complete disclosure of the risk. We will continue to provide updates on the disclosure requirements.