In what has been dubbed 'big cyber game hunting', companies the world over are experiencing an increase in the volume and severity of cyber-attacks.
The direct financial impact, supply chain interruption and reputational harm that often flows means that companies and their officers are facing increased scrutiny in the aftermath of an incident.
Business interruptions losses, mega fines and share price drops are providing the ideal feeding ground for onlookers. Regulators, shareholders and the public watch on to examine what directors and officers did or did not do to prevent such events, or to mitigate the impact of the event on the company.
We predict that in 2021 there will be a rise in the number of claims under non-cyber policies which have as their genesis in a cyber related incident.
Over the years, the US has seen a number of cyber related securities class actions which seek to recover losses suffered by shareholders after a cyber security incident. Given the volume of cyber incidents being experienced by companies outside the US, it is only a matter of time before we see this trend follow in other jurisdictions.
In 2020 for the first time, the Australian corporate conduct regulator ASIC, commenced landmark proceedings against a financial services provider for failing to have adequate cyber security systems, after the company suffered multiple cyber-attacks. We expect that regulatory scrutiny will extend to key individuals within organisations.
We expect it is a matter of time before insurers see an increase claims under non-cyber related insurance policies for cyber-related issues, including D&O Liability, Management Liability and Statutory Liability policies.