“If stock prices drop, then this
makes it easier for class action
lawyers to make their cases in D&O
situations,” he said. “As a result, D&O
carriers may see an uptick in cases
against their insureds and an easier
path for plaintiffs to show that the
company did not meet its duty of care.”
One area that regulators and plaintiffs
might seize upon is the certification
compliance requirement, according to
Rob Yellen, executive vice president,
D&O and fiduciary liability product
leader, FINEX at Willis Towers Watson.
“A mere inaccuracy in a certification
could result in criminal enforcement,
in which case it would then become a
boardroom issue,” he said.
A big grey area, however, said Shiraz
Saeed, national practice leader for cyber
risk at Starr Companies, is determining
if a violation is a cyber or management
liability issue in the first place.
“The complication arises when a
company only has D&O coverage, but
it doesn’t have a cyber policy and then
they have to try and push all the claims
down the D&O route, irrespective of
their nature,” he said.
Jim McCue, financial
institutions industry practice leader at
Aon Risk Solutions, said many small
and mid-size businesses may struggle
to comply with the new rules in time.
“It’s going to be a steep learning
curve and a lot of work in terms of
preparedness and the implementation
of a highly detailed cyber security
program, risk assessment and response
plan, all by September 2017,” he said.
The new regulation also has the
potential to impact third parties
including accounting, law, IT and even
maintenance and repair firms who
have access to a company’s information
systems and personal data, said Keegan.
“That can include everyone from
IT vendors to the people who maintain
the building’s air conditioning,” he said.
Others have followed New York’s
lead, with similar regulations being
considered across federal, state and
The National Association of
Insurance Commissioners’ Cybersecurity Taskforce has proposed an
insurance data security model law
that establishes exclusive standards for
data security and investigation, and
notification of a breach of data security
for insurance providers.
Once enacted, each state would be
free to adopt the new law, however,
“our main concern is if regulators in
different states start to adopt different
standards from each other,” said Alex
Hageli, director, personal lines policy
at the Property Casualty Insurers
Association of America.
“It would only serve to make
compliance harder, increase the cost of
burden on companies, and at the end of
the day it doesn’t really help anybody.”
Adam Hamm, former NAIC
chair and MD of Protiviti’s risk and
compliance practice, added: “With
New York’s new cyber regulation, this
is a sea change from where we were
a couple of years ago and it’s soon
going to become the new norm for
regulating cyber security.”
ALEX WRIGHT is a U.K.-based business
journalist. You can reach him at