When cyber risks lead to personal liability


Cyber risk is one of the top liability risks to directors and officers. How can they effectively protect themselves?

According to this year’s Allianz Risk Barometer, cyber incidents rank first in the list of the top ten global business risks for 2022, outranking both the COVID-19 pandemic and broken supply chain concerns, and were cited by an eye-watering 44% of respondents, up from 2021.

Cyber risks are indeed at the forefront of the agenda now more than ever. However, cyber risk technology developer KYND is drawing attention to the very real threat that these cyber risks also pose to a company’s directors and officers.

According to the latest Directors’ Liability 2022 survey from Willis Towers Watson (WTW), produced in partnership with law firm Clyde & Co, 65% of directors and risk managers globally rate the risk of a cyber-attack as “very significant” or “extremely significant” to them or their business. A further 63% of respondents said the same of data loss.

Substantial losses

The annual Cost of a Data Breach study conducted by IBM Security and the Ponemon Institute revealed that the average cost of a data breach in 2022 reached an all-time high of $4.35m, a 2.6% rise from 2021.

According to KYND, one of the reasons behind such a substantial figure lies in fines imposed by the EU’s data protection authorities for failure to properly secure customer data.

The EU General Data Protection Regulation (GDPR) is among the world’s toughest data protection laws. Under the GDPR, fines can reach €20m or 4% of an organisation’s worldwide annual turnover, whichever is higher (the UK GDPR sets the fixed cap at £17.5m).

Further, there are significant direct costs: bringing in third-party cyber forensics to investigate, implementing enhanced security measures, and notifying and liaising with those affected by the breach. Not to mention the long-lasting indirect cost of reputational damage.

KYND explained that when a company suffers substantial losses as a result of a data breach, claims can arise against the company and against its directors and officers (D&Os) personally, if they made a decision or took a course of action that a third party or shareholder considers wrongful.

Thus, without D&O insurance coverage, the senior management team of a victim organisation is vulnerable.

Mitigating risk

As a result, KYND said, regulators have begun to pay attention. The SEC has proposed rules to enhance and standardise cybersecurity incident reporting, and there is increasing regulatory scrutiny of businesses’ C-suites.

It is therefore in the board’s interest to implement an effective and proactive cyber risk management strategy that minimises the fallout of any successful breach and allows the company to respond quickly and in line with SEC guidelines.

So, how can boards, and the individuals on them, more effectively mitigate their cyber liability exposure?

KYND said there are a few ways to enhance cyber resilience oversight and be proactive. Firstly, cyber risk management should be treated as a continuous process, not a one-time solution. Boards should allocate funds and channel resources into a proactive strategy: cyber due diligence should be performed before onboarding new partners or suppliers, and an ongoing threat monitoring and alerting capability should be implemented.

It is also important to designate the right professionals as responsible for the company’s cyber security strategy. If a board member is appointed to be directly responsible for overseeing the company’s cyber health, KYND said, it is easier to stay aware of the latest trends and threats in cyberspace.

In addition, KYND said that by implementing a top-down culture of cyber hygiene, in which all employees are trained, staff will be better able to steer clear of attack methods that target employees.

Further, in addition to securing adequate cyber cover, KYND said companies should take out D&O insurance. This type of insurance is intended to respond to claims or investigations brought against executives personally arising from decisions and actions taken as part of their duties, including in the event of a cyber incident.

KYND provides continuous round-the-clock monitoring and alerting as part of its preventative approach to cyber risks.

The company’s cyber experts also offer personalised remediation advice to help improve an organisation’s cyber posture and reduce the risk of falling victim to a cyber-attack, written in jargon-free language that does not require an IT expert to understand.

Find out more about the risks D&Os face and what can be done to mitigate them here.

Earlier this year, KYND released the next generation of its cyber risk management offering for the managed service provider (MSP) sector.

Copyright © 2022 FinTech Global
