Why do I need Directors and Officers Liability Insurance?

Why do I need Directors and Officers Liability Insurance? 1920 1280 James Hallam

Directors and Officers have a significant role in helping to keep businesses running smoothly, but mistakes can happen. Directors and Officers Liability insurance applies to anyone who serves as a director or officer of a for-profit business or nonprofit organization. In the event that the individual within the business falls short of their obligations, this insurance is intended to protect them from personal losses if they are sued as a result. It can also cover the legal fees and other professional costs of defending yourself against such claims.

Who can sue?

  • The Company
  • Shareholders
  • Third Parties
  • Employees
  • Creditors
  • Regulatory Bodies
  • Competitors

Directors and officers can be sued for a variety of reasons, including:

  • Misrepresentation of company assets
  • Misuse of company funds
  • Improper disclosure
  • Failure to comply with workplace laws
  • Negligent
  • Theft of intellectual property or poaching of competitor’s customers
  • Lack of corporate governance

What does Directors and Officers Liability insurance policy cover?

The purpose is to provide protection for the directors and officers of the company for any alleged wrongful acts that are committed in the course of their duties. A Directors and Officers Liability Insurance Policy is comprised of two sections; officers and directors liability which pays any loss they are liable to pay and which arises from their having committed a wrongful act while acting as such. The second section refers to company reimbursement, if the company is legally liable to indemnify its directors and officers for their actions, this section will reimburse the company in respect of such liability.

Why does my business need to purchase D&O insurance cover?

Any business with a corporate board should consider investing in D&O insurance. While you may not be legally required to have D&O insurance if you are alleged to have acted wrongfully, you could face claims for compensation or criminal proceedings. Regardless of the size of your company, directors and officers can still be personally sued over their management of company affairs. Smaller businesses with fewer assets may need as much protection as larger corporations with higher revenues. There are so many decisions to be made for your business as we navigate through these uncertain times and whilst there is a wealth of professional advice out there, this won’t necessarily prevent allegations being brought against you or your business. It is for this reason that many company directors tend to have D&O cover in place.

D&O Insurers are aware that the current crisis has resulted in more claims, which is causing a hardening market. This means that insurers are likely to revise the D&O cover they provide and increase their premiums. This trend is probably going to continue for the foreseeable future so purchasing a policy now makes sense, even if your other insurance policies are not yet due for renewal.

Reduce Data Exposure to Cyber Threats

Reduce Data Exposure to Cyber Threats 1920 1280 James Hallam

In our current world, protection against cybercrime is needed more than ever. Cyber criminals will be using COVID-19 to increase their activities to attack individuals and organisations. The National Cyber Security Centre has reported a rise in online scams exploiting the pandemic with the aim of obtain money from victims. It is critical for organisations to re-assess their data protection practices to cyber security and help protect themselves from experiencing data exposure and breaching GDPR.

Why is cyber security important?

• Damage to IT systems
• Loss or impairment of critical business data
• Loss or compromise of customer data
• Loss of use of customer facing websites
• Damage to brand or reputation and loss of public trust.

The increase in the number of individuals working from home poses even more risk to businesses as they become more reliant on their IT systems and employees often working on their own devices.

What steps can I take to be prepared for a cyber attack?

1. Protect data using strong passwords and encryption. Make sure you avoid using predictable passwords and provide secure storage for passwords.

2. Secure your computer, wireless network and mobile device. Often cyber criminals will gain entry by exploiting your software. To prevent this, ensure you keep all your applications and operating systems up to date.

3. Provide training against cyber treats. Your employees should know your cyber security policies and know how to report suspicious activity. Providing training on these topics should assist employees in reducing the risk of data exposure.

4. Consider having an offline back up. Back up your data regularly in more than one place and do not leave your backup connected to your device when not in use.

5. Understand phishing threats and how to respond. Phishing is a method cyber criminals use to gather information. They often send victims emails with links that will direct you to fraudulent websites, asking you to provide sensitive information. Providing real life examples through training can help employees understand what to look for and how to best deal with them.

6. Create an incident response plan. While cyber security programmes secure an organisations digital assets, an incident response plan provide steps in case a cyber attacks occurs. This will allow organisations to notify impact customers quickly and limit financial and reputational damages.

7. Use multi factor authentication. This adds a layer of security to protect against compromised credentials. Users must confirm their identity by providing extra information when attempting to access networks, e.g. phone number or security code.

What if my business becomes victim to a cyber attack?

Taking these steps can reduce the chances of you becoming a victim of a cyber-attack but it is impossible to eliminate the risk entirely. Cyber Insurance can help your business deal with and recover from any cyber attacks.

Cyber & Data Risks Insurance

Cyber & Data Risks Insurance 1920 1280 James Hallam

Each year when completing a review of their insurances, most businesses will look at uninsured exposures with their insurance broker. Most of these can be reasonably ignored following simple cost-benefit analysis, but cyber is more difficult in that the associated risks and their potential cost to a business are still developing. It is anticipated though that the frequency and severity of such incidents will continue to rise, mirroring the experience of North America where cyber risks are given a higher regulatory and boardroom prominence. In the US it is now estimated that over 75% of corporate businesses purchase cyber insurance.

  • Different businesses will be exposed to cyber risk in different ways; some are reliant on their website to drive turnover, some rely on a hosted accounting or billing system to operate whilst others hold sensitive client data or intellectually valuable data on their systems. There are a multitude of scenarios that leave a business exposed to internal and external electronic threat. The failure of an IT network could be debilitating and a good first step is to identify and take steps to mitigate external and internal IT risks. These include:
    data theft or data loss
  • hijacks where hackers gain control of a system and demand a ransom to restore service
  • bot scams where viruses are used to take over large numbers of computers
  • basic human error (internally generated risks should not be overlooked and continue to be the most common proximate cause to a cyber loss)

Notification costs following the loss of third party data is now a major concern for EU business following GDPR. Safekeeping of data is the responsibility of the customer facing entity, notwithstanding that a third party processing company may have been the party that lost the data and/or contractual terms making a third party responsible for notification. This means if you are hacked and lose your customer data (names, addresses, credit card numbers etc.) you will need to report the loss to the data commissioner, possibly pay PCI fines, pay the cost of notifying your customers that they are at risk, pay for advice to manage their risks and pay PR costs to manage the potential damage to your brand and reputation. All of these risks can be insured and cyber insurance will additionally cover fines and penalties associated with regulatory investigations due to a privacy event.
The other major threat to a business may be the loss of a website and a resultant loss of revenue. Again, this can be insured.

  • The cyber insurance market has been developing at a rapid pace over the past five years as experience has been gained by insurers. Areas of cyber-risk that can now be insured include:
    replacing, restoring or recreating data that has been corrupted or destroyed by network failure or first/third party intervention
  • loss of data and notification management costs
  • criminal threat or extortion to release sensitive information or bring down a network unless demands are met
  • loss of income and extra expenses resulting from when a network is interrupted by attack. Covers criminal hackers, malicious insiders and denial of service (DOS) attacks, (including extortion monies)
  • payment fraud (deception of the insured’s customers into transferring over funds)
  • public relations expenses and crisis management
  • disaster recovery activation costs
  • fines and penalties where insurable by law
  • use of leased / rented external equipment
  • use of third party services
  • additional staff expenditure and overtime payments
  • terrorism risk, including ideological risk (LulzSec, Anonymous etc)

James Hallam Insurance Brokers have been placing cyber risk in the London market for over fifteen years. We source cover to insure against all of the above threats and, in addition, we can protect against risks that the majority of cyber insurers omit. For example, our favoured market will also provide:

  • the provision of first party cover on an “each and every claim” basis, ensuring that policyholders aren’t restricted by a policy aggregate and that the full benefits of cover are available each time a crisis strikes, even if they experience multiple cyber incidents in the same policy period
  • full retroactive cover as standard, meaning that policyholders are covered for breaches they discover during the policy period, even if it first occurred long before. Symantec has reported that the average time to discover a breach is 205 days, making this a particularly important feature
  • an extensive in-house incident response capability to ensure that cyber incidents are dealt with quickly and efficiently in real time. Initial response services are offered with no deductible payable by the insured
  • broader cover for senior executive officers who are regularly targeted in cyber attacks, covering theft of personal funds of individuals as well as those of the company
  • if a suit is brought against directors and officers following a cyber attack, the policy provides affirmative cover in the event that their management liability policy doesn’t respond
  • incident response costs are provided in addition to the policy limit
  • no excess is applied to the initial reporting and investigation costs
  • full systems failure is covered, including resultant business interruption
  • full Supply Chain is covered, including Technology suppliers (and non-Technology suppliers if named)
  • Cryptojacking and Botnetting are included under the definition of Cyber Crime
  • Additional Extra Expense coverage is included for costs above the normal operating expenses of a business
  • Hardware Replacement coverage is included for computer hardware or tangible equipment damaged as a result of a cyber event

Some points to consider when discussing Cyber Risk with your clients

Dealing with a ransomware incident is rarely a simple matter of the ransom payment being made and the business in question automatically regaining access to their systems and data. Even after a ransom payment has been made, and assuming the system can be successfully decrypted, the ransomware can have the unintended side effect of severely impairing the functionality of one or more of a business’s vital systems.

The use of legacy systems can significantly increase the risk of a cyber loss. Generally speaking, legacy systems are not only far more vulnerable to attack, they are also much more susceptible to dysfunction following a cyber attack.

The importance of having data re-creation cover is becoming increasingly apparent. Many cyber policies only provide cover for the cost to recover or restore data from back-ups, but not the costs to re-create or re-enter lost data from scratch. The bulk of the costs to a claim can come from the labour costs associated with manually re-entering data, and brokers should be sure to check that their clients have this important cover in place.

Almost all modern businesses have some form of cyber exposure. Even if a policyholder does not solely rely on their computer systems to carry out work, they will still have an office function that playing a key role in the running of the business. When the computer systems in an office are affected by a cyber event it will almost certainly have a negative impact on the overall business operation and having a cyber insurance policy in place will provide a valuable safety net for the company.

James Hallam can place cyber insurance in the London Market for business domiciled almost anywhere worldwide so please feel free to get in touch if you would like us to assist you and your clients.

Credit Insurance Can Be Essential To Your Business

Credit Insurance Can Be Essential To Your Business 1920 1280 James Hallam

2019 is set for a significant increase in business failures since those following the Global Financial Crisis of 2008.

Insolvencies will occur for reasons not seen before such as stress on cash flow due to stockpiling, delivery delay and failure to recognise the effect of tariff and regulatory changes.

  • All business sectors are likely to see margins and their ability to pay promptly squeezed
  • Several high profile insolvencies have occurred in 2018 and companies in many sectors are issuing profit warnings – even the on line retailer ASOS
  • The Office for National Statistics quarterly release shows insolvency  increases in Q3 2018 of +8.9% sequentially on Q2 and +19.3% on Q3 2017
  • This demonstrates a fragile economy with definite potential for more business failures in 2019

Suppliers of goods and services need up to date financial information to ensure customers are able to pay their invoices and the security of knowing unpaid debt is covered by insurance. Not only does a credit insurance policy provide debt collection and indemnity for non-payment following insolvency or protracted default but also REAL TIME FINANCIAL INTELLIGENCE

A ‘buyer’ of goods and services failing to meet debt obligations or with a weakening financial position will be alerted to credit insurers in advance of information becoming public. This critical data enables a credit insured company to review their exposure with vulnerable customers and minimise potential for bad debt

Credit Insurance offers a solution – let our experts speak to you about the benefits this can bring to your business

The Biggest Competitor You Didn’t Know You Had

The Biggest Competitor You Didn’t Know You Had 1920 1280 James Hallam

PwC’s 2018 Global Economic Fraud Survey reveals that 49% of organisations admit to having been targeted or hit by fraud. What they don’t say is that some of the remaining 51% might also have fallen victim to fraud but just don’t realise it.

Corporate fraud is a growing problem in the UK, but for small and medium-sized businesses preventing fraud is proving increasingly challenging. All too often, SMEs simply don’t have the necessary resources to carry out internal checks and balances for their accounting systems. And, despite the clear advantages of fostering a culture of trust within a business, evidence shows that you’re just as likely to fall victim to internal fraud perpetrated by a long-term employee as you are by a recent recruit or contract worker.

So what can you do?

  • External fraud: Review your business processes to ensure they’re safe from potential hijack. For example, when you’re transferring a large sum of money to a supplier, ensure the process is secure by verifying the account details from at least two separate known sources.
  • Payroll fraud: One of the most common types of payroll fraud is where a so-called ‘ghost’ employee is created by someone with access to payroll with the intention of diverting funds either to themselves or a third party. This ‘ghost’ employee may be entirely fictitious or a past employee who was never properly removed from the payroll system. You should also watch out for employees altering their timesheets to increase the hours they’ve worked. An employee may also ask for an advance on their salary but fail to pay it back.
  • Accounting fraud: An employee might tamper with the company’s accounts to cover up theft or use the company’s accounts to commit theft. You should also look out for employees falsifying their expenses. This can include using forged receipts or double claiming for expenses. Run spot-checks on your accounts, including accounts that have been written off by the business.
  • Supplier fraud: A supplier may commit fraud on their own or in collusion with someone inside your business. This might involve an employee taking a payment from a supplier in return for preferential treatment. Another example is where a supplier inflates invoices to charge the company for more goods that it provides or charges a higher price than was agreed.
  • Low-level theft: No theft is too small when it comes to your bottom line and low-level theft, if allowed to continue unchecked, eventually mounts up. This could include anything from theft of petty cash to misuse of company services or resources. Also, look out for employees who are unwilling to take annual leave or are unwilling to let others get involved in their work, as this may be a sign that they fear being found out. You should consider implementing compulsory annual leave in high-risk areas of your business.

Make certain that you are adequately insured

If you discover you’ve become a victim of fraud, a comprehensive crime policy can provide essential balance sheet protection for your business. Moreover, fraud now comes in so many forms – internal, external and online – that it’s essential you get professional advice to make sure you’re doing all you can to protect your business.

For more information please contact
David Noble:

Or Marc Brennan:

Cyber Security and Fraud in Travel

Cyber Security and Fraud in Travel 1920 1280 James Hallam

James Hallam to support ABTA’s Cyber Security and Fraud in Travel Seminar – Key James Hallam partners and clients receive a discount to attend

Andy Bugby (Lead Underwriter – Financial Risks, RSA) will be speaking at ABTA’s Cyber Security and Fraud in Travel seminar on behalf of James Hallam Travel and Tour and Touchstone Underwriting Limited, which will take place on 20 June 2018.

Click here to find out more

Bank Of England Networking Breakfast

Bank Of England Networking Breakfast 1920 1280 James Hallam

ames Hallam Watford Branch were proud to sponsor the Bank of England Networking Breakfast at Moor Park Mansion on 15th May 2018.  

Alex Golledge from the Bank of England addressed a group of about 50 business owners and financial professionals. Alex gave an insight into the Bank’s current thinking, its approach to setting interest rates and some of the factors that have influenced recent decisions to leave this unchanged. He also provided some historical economic analysis and broad predictions for the UK economy. Anecdotally, it was interesting to see his graph with the base rate fluctuation over the last 350 years, as it didn’t move from 4% for about 200 of these!  

It was a really well attended and enjoyable event, in very impressive surroundings, organised by the Watford Chamber of Commerce. The Chamber also used the event to introduce their new CEO, Chris Luff, who we are looking forward to working closely with in the future.