The Buck Stops With The Board: Cyber Risk Accountability

The mismanagement of a cyber incident is a growing risk across the liability insurance sector. From a data breach to poorly handled cyber attacks, executives face increasing exposure to litigation regarding cybersecurity related incidents. 

Cyber vulnerabilities need to be viewed through an executive risk lens. If a business falls victim to a cyber attack, the impact could be far reaching, from a falling share price to business interruption losses and reputational damage.

As technological innovation continues at pace, cybercriminals are becoming more sophisticated and bullish in their approach. In Q2 2024, Check Point Research saw a 30% YoY increase in cyber attacks globally.1 In light of this trend, an increase in litigation centred around cyber risk is inevitable. To counter this threat firms need:

• Investment in new cyber defence technologies and cybersecurity
• Regularly rehearsed business continuity plans that include crisis and reputational management
• A good understanding of third party suppliers and the firm’s dependence and connectivity with them
• A suitable cyber insurance program with claims handling expertise.

All the elements above should be managed actively with key stakeholders across the business, so if the worst were to happen, clients and their insurers can manage the situation and mitigate the risk quickly and appropriately. Strong internal governance and risk framework procedures to check for breaches and the earliest possible notification to insurers once a breach has occurred are also paramount in the mitigation of a cyber breach incident.

Ranking cyber risk in a chaotic global landscape

With executives facing growing scrutiny around how they manage cyber risk, our Risk & Resilience research2 undertaken with global executives found that 23% felt unprepared3 to counter the threats posed by cyber risk. While, encouragingly, 24% are looking to invest in cybersecurity defences to help build resilience to this risk. 

In amongst the many challenges faced by our global executives surveyed, 26% ranked cyber risk as their number one risk of concern this year. This is a considerable number which is likely to grow given the increased number of attacks and the growing scrutiny being applied by regulators in this space.

A full spectrum approach 

A full spectrum approach to cyber security implements pre-emptive and preventative measures, such as risk horizon scanning to identify risk blind spots and emerging threats. In doing so, it forms part of a wider risk mitigation strategy that can help to reassure investors and promote best practice internally.

Should a cyber attack lead investors to question the competency of the board, executives can defend themselves with tangible evidence that reasonable steps were taken to prevent the attack occurring in the first place, and prove they had active risk management plans and support in place to help mitigate the impact of the attack.  

In today’s unpredictable risk landscape, insurers can play a pivotal role by sharing claims and regulatory insight, and through the provision of comprehensive, tailored coverages that help to both respond and mitigate the evolving cyber and D&O risks they face.

Ultimately risk in a business stops with the board, and the failure to ensure the safety of their systems could cause issues in the long run. Should a firm fall victim to an attack that compromises sensitive data and results in a reduced share price, lost revenue and reputational damage, both the company and its executives will need to face up to their shareholders, investors and customers.

Back to Spotlight on Boardroom Risk 2024