Cyber risks and data loss top director liability concerns

Cyber attacks and data loss are the top liability risks facing directors and officers, with cyber extortion and the growth of ransomware attacks also flagged up as a significant source of financial or reputational risk, according to a survey by WTW and law firm Clyde & Co.

65% of respondents to the latest edition of the Directors’ Liability 2022 survey – which includes responses from more than 40 countries – said the risk of cyber attack is very significant or extremely significant, while 63% say the same of data loss. Regulatory risks ranked fourth, cited by around half of respondents as either very or extremely significant.

Although views on cyber extortion were only touched on for the first time in this year’s survey, it immediately ranked third, with 59% of respondents saying they regarded it as a very significant or extremely significant risk. WTW said concerns around cyber extortion were undoubtedly driven by the surge in ransomware attacks over the last 24 months, the majority of which have included the demand for an extortion payment. The report warns that ransomware has become a low-investment, low-risk and high-reward method of cyber crime which organisations cannot ignore.

Angus Duncan, executive director and a D&O coverage specialist at WTW, said: “In fact, not many directors have actually been sued as a result of a cyber attack, it’s just not a big exposure. Regulators are saying cyber risks are a director responsibility and I’m not saying they are wrong to be worried about it, but it’s interesting that three cyber risks dominate the list of director risks.”

Despite the increased attention on climate change risks following COP26 and recent regulatory changes, it still remains outside the top five risks in any region, and sixth among UK respondents, where 44% of UK-based directors identified climate change and the environment as a ‘very significant’ or ‘extremely significant’ risk to business operations. However, when considering the risk that climate change presents to directors, the results fall to 24% among UK respondents.

Duncan added that a ramping up of reporting requirements would likely see climate change risk move up the list of liability concerns against a backdrop of increasing pressure on financial institutions to make climate and ESG-related financial disclosures.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.