Would a D&O insurance policy cover the board if a data breach claim occurs? Every policy has its quirks both D&O and Data Breach, and most of these insurance policies have different coverage language.
3 things that stick out about the D&O Policy:
1. Your D&O policy language may exclude data breaches all together. It also may not. Read the exclusion section for words like “privacy acts.” Have a cyber liability insurance professional review it further.
2. A D&O insurance policy was not really designed to protect your company’s board from a data breach, the market just kind of happened. We have heard and are seeing most insurance companies trending to exclusions for data breach. Point being a data breach insurance policy is designed to protect against breach.
3. What does a board’s current risk management and insurance plan look like? Did the board delegate and create responsibilities for protection of data, what was the process to protect, what positions were created and who was involved? Were they using a security company, or was it handled in-house? If coverage for breach exists in the D&O policy then one of the discussions will be…Was the board?
- acting in good faith;
- acting in the best interests of the corporation;
- acting on an informed basis;
- not being wasteful;
- not involving self-interest (duty of loyalty concept plays a role here).
So if data breach is included in the D&O policy, would coverage exist if a group of board members decided against purchasing a data breach insurance policy with the pure thought that they were acting in the “best interest of the company?” As we watch this breach market develop there is still much grey and there is no cookie cutter solution. Every situation is different.
The best way to insure yourself from breach is to buy a data breach and cyber liability policy. You also need to have an insurance professional review your D&O policy.
Photo: Kate Ter Haar
