Protecting the professionals (Part 2)

What’s changing when it comes to exposures confronting directors and officers – and those they employ?

This is the second part of a series. Read the first part here.


Beyond oil & gas, Sheehan talks about investment advisors, who will be affected by a new Department of Labor fiduciary rule. 

“There’s stronger language in that fiduciary rule that those individual advisors have to represent the client’s best interests and they really need to show that there’s not a conflict of interest by putting an investor in an investment with a higher cost structure and higher fees in it,” he says. “With that rule coming out, one can only assume that the plaintiff’s bar is going to take notice. They usually follow the regulators and find negligence within those rules and pursue private courses of action. I think a lot of folks in the investment community and the retirement planning benefits community are taking notice and trying to provide proper communication to avoid regulatory action and lawsuits.”

And then there’s contractors’ E&O. “More and more, we’re seeing contractors being required by contract to carry contractors’ E&O,” Sheehan says. “With the way projects are delivered now, and the sophistication of the documentation software while delivering a construction project … there’s always direction and advice coming from contractors back and forth. That advice can easily be construed as advice that requires expertise, and it really can’t be confused with the actual swinging of hammers or the construction means and methods, which would fall under a GL policy. I think we’re just going to keep seeing a spike in claims, and I don’t think contractors are going to be able to avoid buying coverage.”

Finally, Sheehan mentions managed care as another industry with the potential for increased E&O exposures. “With healthcare distribution changing in our country and public groundswell trying to find ways to cut costs in healthcare, any firm that’s in that chain of managing the cost or distribution of healthcare … [has] to be concerned that they are going to be under a regulatory microscope and also be subject to antitrust suits from competitors or regulators.” 

Fidelity insurance
“[Fidelity insurance] provides coverage not only for employee theft, but also for theft committed by a third party, both of which are real risks,” says Rachelle Rebick of RT ProExec. “The importance of this kind of protection is increasing because people are always finding new and creative ways to commit the theft or fraud. Technological advances have also helped provide new ways for individuals – or groups of individuals – to commit theft against their employer or another third party.”

A key example of an emerging risk in the fidelity space is impersonation fraud, also known as social engineering fraud.

“This type of fraud is a scheme to obtain funds of the company by an individual purporting to be a vendor, client or executive of the company,” Rebick explains. “The fraud typically occurs over the phone or in an email. As a result of the significant amount of data about companies and executives on the internet, criminals are easily able to gather information and construct convincing stories, making this type of fraud difficult to prevent, even with the proper controls in place.”

Cyber risk
According to Mickey Estey, cyber risk exposure for professional firms is growing rapidly as it relates to data privacy. “Many classes of professionals have always had a cyber risk exposure. This includes healthcare, attorneys, accountants and other financial professionals,” he says. “The thing that has changed is these types of firms are being targeted at a much higher rate and sophistication because the hackers have recognized that many professionals have what they would consider to be a gold mine of confidential information on individuals that can be sold in the criminal underground.”

Estey says there’s been an increase in many types of phishing, ransomware and other social engineering attacks against these firms. “Recently, during tax season, many firms have been hit with W-2 scams, where the hackers send fraudulent emails to try to induce companies to send the W-2s on employees.” 

Today, it’s imperative that cyber risk is on the radars of those charged with running companies. “I think it’s common knowledge now that cyber privacy exposures and risk are a boardroom issue, not just the purview of your chief information officer or IT department,” Sheehan says. “The SEC has supplied guidelines along those lines, which trickle down through the public and private sector. The risk of cyber and privacy exposures to a company’s balance sheet, their reputation and, ultimately, to losing customers and revenue sources is huge.”

Sheehan says there’s been a disturbing trend among private D&O insurers to add a broad-based cyber network security exclusion to a D&O policy. He says that while the direct costs of a data breach or network security event should be borne by a cyber policy, any subsequent claims by investors, creditors or other stakeholders against management for any failure to manage a company properly – which led to the cyber attack – should be covered under the D&O policy.

“While … it’s okay to have that exclusion, we want to limit its scope,” he says.

On cyber risk and E&O, Sheehan says there’s a perception among professionals that their E&O policy will cover them for any failure to protect confidential information. “Even if an accountant or an attorney makes the argument that the breach of privacy occurred while providing professional services to that client, there are first-party costs that are expected of that professional firm that don’t meet the definition of a ‘claim’ in an E&O policy,” he says. “So those first-party costs would be borne by the organization. Also, the experts that a cyber policy can put into place, and the speed with which they put them into place, can lessen a lot of reputational damage to that firm, as well as hastening a solution to the problem, which the E&O policy will not respond to.”

In other words, cyber coverage is crucial. “A breach or a network shutdown is a huge threat to a company’s reputation and, ultimately, their balance sheet,” Sheehan says. “When a company’s balance sheet and their reputation are harmed, that has a spill-over effect to employee retention, employee hiring and firing – which can hit an employment practices policy – [and] it has spill-over effects for investors, creditors and regulators, which could be the subject of a D&O policy.

“Ultimately,” he continues, “it’s going to affect the organization’s health and risk management practices, which can spill over into any sort of liability exposure that the entity may have. So, the initial problem of a breach or a network interruption can be picked up by a cyber policy, but the follow-on reputational damage and spill-over effects are hard to enumerate.”

Client conversations
Given these shifting exposures, brokers need to initiate conversations with their clients to ensure they’re able to organize appropriate insurance for those clients’ exposures. So what shape should that discussion take? 

“Have a casual conversation with your insured about how they actually make money and who they interact with to meet their goals of making money and servicing their clients and, ultimately, providing a good place for their employees to work,” Sheehan advises. “Once that conversation happens, you can find out who they actually interact with and what problems can arise.”

Estey recommends having an ongoing conversation “as companies change their services, offer new ones or make acquisitions to make sure that the professional coverage is kept up-to-date to contemplate those exposures.”

On the cyber and privacy side, he adds: “Evaluate coverage with respect to the professional policy and take the appropriate steps to add broad cyber coverage on the professional policy or add [a] stand-alone cyber policy to address the risk.” 

Sheehan emphasizes the difference that can be made if those conversations begin early. “I can’t tell you how many times I’ve had to place a policy in 24 hours because of a contractual requirement – which is fine, and that’s what I’m here to do, but if you can start early and tell a clearer story and give multiple underwriters ample time to digest the risk, quote the risk and offer their expertise, without a doubt you’re going to come back with a policy that fits the insured’s needs better and is likely a more cost-effective option.”
