Risk managers need to check policies as cyber exposure multiplies

Directors’ and officers’ exposure to cyber risk is growing because they need to demonstrate that appropriate steps have been taken to mitigate the risk, steps that will go some way to reducing liability and allaying the growing concerns of some underwriters.

Following the massive data breach at US retailer Target in 2013, one of the biggest in US history, the company faced over 100 class action suits, according to a Department of Justice investigation and a Senate committee hearing.

The breach also saw at least two shareholder derivative suits filed against Target’s board and senior executives. The company’s CEO resigned in 2014. The suits alleged that they failed to take adequate steps to protect against a cyber attack and prepare a response. Target is not the only company to be hit by a derivative lawsuit following a breach.

Just months after Target was sued, shareholders in Wyndham Worldwide Corp brought a derivative lawsuit against certain directors and officers of the company, based upon three data breaches between 2008 and 2010.

Some believe that these cyber-related shareholder derivative actions may be the start of a new wave of shareholder litigation in the US.

In addition to the costs associated with handling a breach, companies may also suffer reputational damage as well as a knock-on effect of lower revenues or a fall in share price, potentially sparking shareholder litigation, explained James Tuplin, TMT Portfolio Manager at Australia-based insurer QBE.

Companies and their directors are therefore open to potential shareholder lawsuits in the event of a data breach if it can be shown that they failed to take sufficient steps to protect the company from a security breach and its consequences.

“So far derivative class actions have been the main method for bringing action against a company and its directors following a cyber breach, however it is only a matter of time before the plaintiff bar brings a class action,” said Charles Boorman, Head of Financial Lines at QBE.

“Shareholders seem to have been asleep to the potential downside risk of a data breach, but this won’t continue. I would expect to see bigger payouts around data breaches on the back of class actions,” he said.
