Prioritize cybersecurity – liabilities could fall to D&Os


On Tuesday, Premera Blue Cross announced the health insurer fell victim to a security breach that exposed medical and financial information of 11 million customers – the most devastating cyber-attack in the health care industry to date. If this latest breach tells us anything, it’s that cyber coverage has never been more essential. A recent study from the Ponemon Institute found that 43 percent of companies have suffered a data breach in the past year. Yet despite these numbers, a whopping 70 percent of security professionals consider their organizations safe from cyber-attacks, according to a separate survey published this week. These findings suggest not only a false sense of security among IT departments, but also that many directors and officers may not realize their obligations related to cybersecurity.

Having a data-breach response plan in place is more important than ever. In fact, failing to recognize the potential impact of a cyber-attack not only exposes the company to financial losses; individual directors and officers may also be held accountable for damages separate from cyber claims – at both the state and federal level.

The U.S. Securities and Exchange Commission (SEC) has made it clear that it views boards as a critical part of cyber-risk management: they “need to work with management to assess cyber controls, to make sure they match up with or exceed federal frameworks,” said SEC Commissioner Luis Aguilar. This indicates that the SEC, along with an increasing number of state and federal regulators, will police corporate data protection matters. It’s safe for companies to assume that the SEC will expect businesses to cover cybersecurity risks in their public disclosures. This does not mean that board members themselves need to be cyber experts, but that they should be proactive in assembling teams who can oversee prevention policies and response plans.

For more information on cybersecurity, we encourage board members to visit CyberRiskHub and tune into our Data Breach Prevention and Response webcast on Tuesday, March 31.

About the Author

Marcus Janus is a Vice President in WGA’s Executive Risk Practice. He specializes in assisting organizations and their executives with protection and advocacy for their exposures to Directors’ & Officers’ Liability, Employment Practices Liability, Fiduciary Liability, Professional Liability, Crime, and Kidnap & Ransom.

617.646.0258 | MJanus@wgains.com | Connect with Marcus on LinkedIn
