In a recently published survey of corporate directors and officers, cyber and privacy risks topped the list of global boardroom concerns. The survey report, titled Personal Exposure to Global Risks, compiled the views of 161 directors, non-executive directors, partners, in-house lawyers, risk officers, and compliance professionals around the world with regard to the top risks facing their enterprises.
For the first time, the risk of data loss/data breach topped the list, with cyber attack coming in second. This result may not be surprising, given that 51% of public company survey respondents reported that their companies experienced either a significant cyber attack or a sizable data loss over the past year, up a whopping 70% from the prior year (30%). And more than twice as many respondents from private companies (38%) experienced such incidents last year as compared with the preceding year (18%). Regulatory and other investigations, health and safety legislation, and criminal and regulatory fines and penalties rounded out the top 5 global risks identified by the survey respondents. Regarding the impact of the EU’s General Data Protection Regulation (GDPR), more than half of the respondents (52%) felt that the risk of data loss, data breach, or risks associated with the regulation are very or extremely concerning.
The report also captured the respondents’ concerns about their Directors and Officers insurance coverage. Their number one concern, reflecting the impact of increasing business globalization, was whether their firm’s D&O policy and/or company indemnification would be able to respond to claims in all jurisdictions. The other top D&O insurance policy issues were: how claims against directors and officers will be controlled and settled; a broad definition of who is insured; clear and easy to follow policy terms; and whether there is cover for the cost of advice at the early stages of an investigation.
Despite the unsettling statistics concerning the surveyed companies’ recent cyber attack and data loss experiences, the good news is that cyber and privacy risks, and the adequacy of D&O insurance coverage, finally seem to be gaining the well deserved attention of more and more corporate directors and officers.
A copy of the report can be found here.
