The Underestimated Risk of D&O Liability – Lessons from Capital Markets and Cybersecurity


Capital markets worldwide have remained active throughout 2020 with the support of global central banks. Meanwhile, the changing regulatory environment, homecoming of China Concept Stocks, and the SPAC boom are all key themes impacting the underwriting risk of D&O liability insurance.

The year 2020 marked the 30th anniversary of China’s capital market, and we saw significant reforms to the registration-based system and delisting provisions. These reforms were aimed at strengthening foundations, and to improve market governance and quality of listed companies. Under the new regulatory environment, several Chinese companies withdrew their listing applications on the A-shares market, and legal disputes concerning securities misrepresentation have been on the rise. Such disputes and the associated costs are expected to climb further this year. Given the growing cost of non-compliance and ballooning size of claims, D&O liabilities for A-shares is no longer a risk that can be underestimated.

The US Senate passed the “Holding Foreign Companies Accountable Act” in May 2020, putting China Concept Stocks in a difficult situation of having to comply with conflicting regulatory regimes. The delisting threat and general distrust has fuelled the homecoming of China Concept Stocks seeking to diversify risk. Last year also saw SPAC becoming the most popular method for companies to go public and seek financing in the US. However, since the SPAC listing process bypasses the rigorous scrutiny of typical IPOs, SPACs and SPAC executives are also more likely to face claims and class action lawsuits.

Both the demand and underwriting risk for D&O liability insurance are growing, as the changing regulatory and listing environment increases corporate listing risk and costs for non-compliance. Meanwhile, the circumstances that prompt D&O litigation have also expanded from improper information disclosure, false statements and insider dealing, to include bankruptcy, climate change, environmental issues, or delayed disclosure of cyberattacks.

Cybersecurity risk has yet to be clearly defined, it could include any malicious or unmalicious cybersecurity-related incident, or loss of tangible or intangible assets. In recent years, underwriting gaps exposed by silent cyber risk has become a controversial issue, often resulting in losses for the parties concerned. In response, regulators, rating agencies, and international insurance companies have developed new frameworks to affirm and exclude cyber cover, reducing uncertainty and minimizing risk exposure.