Cyber attacks and data loss are the top liability risks facing directors and officers, with cyber extortion and the growth of ransomware attacks also flagged up as a significant source of financial or reputational risk, according to a survey by WTW and law firm Clyde & Co.

65% of respondents to the latest edition of the Directors’ Liability 2022 survey – which includes responses from more than 40 countries – said the risk of cyber attack is very significant or extremely significant, while 63% say the same of data loss. Regulatory risks ranked fourth, cited by around half of respondents as either very or extremely significant.

Although views on cyber extortion were only touched on for the first time in this year’s survey, it immediately ranked third, with 59% of respondents saying they regarded it as a very significant or extremely significant risk. WTW said concerns around cyber extortion were undoubtedly driven by the surge in ransomware attacks over the last 24 months, the majority of which have included the demand for an extortion payment. The report warns that ransomware has become a low-investment, low-risk and high-reward method of cyber crime which organisations cannot ignore.

Angus Duncan, executive director and a D&O coverage specialist at WTW, said: “In fact, not many directors have actually been sued as a result of a cyber attack, it’s just not a big exposure. Regulators are saying cyber risks are a director responsibility and I’m not saying they are wrong to be worried about it, but it’s interesting that three cyber risks dominate the list of director risks.”

Despite the increased attention on climate change risks following COP26 and recent regulatory changes, it still remains outside the top five risks in any region, and sixth among UK respondents, where 44% of UK-based directors identified climate change and the environment as a ‘very significant’ or ‘extremely significant’ risk to business operations. However, when considering the risk that climate change presents to directors, the results fall to 24% among UK respondents.

Duncan added that a ramping up of reporting requirements would likely see climate change risk move up the list of liability concerns against a backdrop of increasing pressure on financial institutions to make climate and ESG-related financial disclosures.

Share Story: