Cyberattacks and data loss/breaches are the new most concerning risks for directors, overtaking regulatory investigations, according to Willis Towers Watson’s sixth directors’ liability report.
The report, titled ‘D&O: Personal Exposure to Global Risk’ and produced in cooperation with law firm Allen & Overy, noted that there is a large change in risk culture affecting senior management. In this year’s edition, the majority (51%) of public companies said that they had experienced either a significant cyberattack or a sizeable data loss in the past year. This was a large leap from 30% in 2017.
When asked to prioritise the risks facing their businesses, more than half of respondents (52%) described the risk of data loss, data breach or risks associated with the EU’s new General Data Protection Regulation (GDPR) as very or extremely concerning. Half (50%) ranked cyberattack as causing them the same level of anxiety. As these risks are often related, they become a huge concern for business leaders, the report said. The recent fines imposed on supermarkets and the continuing reputational damage as a result of such breaches, supports how seriously these are being taken.
The former top risk – regulatory concerns – is now in second place. According to the study, 43% of large employers and 38% of listed companies have experienced a regulatory claim involving a director in the last 12 months. Furthermore, regulatory focus on personal accountability is changing company behaviour, with 60% saying it is impacting decision-making processes.
There is also increased uncertainty about the economic condition and geopolitical risks, with 72% of public companies expressing concern for each, an increase from 59% last year.
“It is the breadth, as well as the depth, of the concerns expressed by senior managers in this survey which is striking,” said Francis Kean, executive director, FINEX, Willis Towers Watson. “From health and safety to criminal activity and from increased risk of employment claims to climate change the spectrum of potential sources of liability for directors is wider than it has ever been. For the first time, the presence of an active and increasingly sophisticated plaintiff’s bar ready to bring claims against directors anywhere in the world also features as a key concern. Sitting on top of all this is the almost daily reality for companies of cyberattack or the risk of serious data loss. Never has there been a more important time for directors to understand the personal liability protections available to them.”
“Seven years on from the launch of our first report focusing on directors’ liabilities we can clearly see that conditions have become increasingly challenging for company directors,” said Joanna Page, head of Allen & Overy’s insurance litigation group.
“High-ranking individuals in public and privately-held corporations face unprecedented scrutiny and bear the brunt of global enforcement efforts by regulators to combat corporate failings. For the first time, we see concerns dominated by the threats of cyberattack and data loss – fears that are not new but are rapidly moving up the agenda. If you are a senior manager or director, it is important to be entirely comfortable about the scope of your personal liability protection. Be clear on your own responsibilities and reporting lines and brace for the renewed regulatory focus on individual conduct.”