Each year, WTW, in collaboration with Clyde & Co LLP, publishes its Directors’ and Officers’ Survey results. In our 2025 edition, we have continued the international scope of the report, with responses from officers, directors, and risk managers in more than 40 countries around the world. The survey asks respondents to consider the importance of specified risks for directors and officers, whether financially or reputationally. Below, we address responses from North America, inclusive of the United States and Canada.
Survey respondents were consistent with prior years in identifying cyber-related risks among the most important, with two such exposures – “data loss” and “cyber attack (including cyber extortion)” – constituting the top two risks. Last year, “health and safety” emerged as the top overall risk concern in North America, but it fell to number four in this year’s survey. “Systems and controls” assumed the number three spot (73%). Survey results from North America stood in contrast to results globally, where “health and safety” remained the top risk overall (80%).
“Regulatory breach” (62%), “civil litigation/3rd party claims” (55%), and “diversity, equity and inclusion” (“DEI”) (54%) rounded out the top seven risks. Given increasing anti-DEI political pressures in the United States, it is not clear whether there is consensus among the 54% as to whether they are concerned with having enough or too much focus on DEI (or the challenges of getting it just right in relation to all constituencies).
The new Trump Administration is already having a huge impact on the regulatory environment in the U.S. and this has created much uncertainty about regulation and in the financial markets. Trump and the Republican-controlled Congress are quickly implementing their deregulatory agenda. The SEC will no longer take an aggressive enforcement approach and issue controversial rules and guidance as it did under prior Chair Gary Gensler, and will instead focus on more traditional areas such as fraud, market manipulation, anti-money laundering, sanctions and other misconduct.
Notably, on February 10, 2025, Trump issued an Executive Order announcing a “pause” on enforcement of the Foreign Corrupt Practices Act (“FCPA”), which has been a favorite enforcement tool of both the SEC and DOJ. FCPA investigations and actions have resulted in substantial defense costs and settlements in both regulatory actions and shareholder litigation against companies and their D&Os. The decrease in regulation and enforcement activity could result in a substantial decrease in the number of regulatory claims under D&O policies, at least in the short term, but it raises concerns about the long term impact, including whether this will create an environment for corruption and threaten the stability of the financial system. It is also possible that the lessening of regulatory risk may give rise to a more aggressive plaintiffs’ bar, eager to act on purported wrongdoing against which the SEC may be reluctant to pursue.
As noted, litigation and third party claim exposure is also a heightened concern in our survey, a concern to 55% of respondents. According to Cornerstone Research’s Securities Class Action Filings, 2024 Year in Review, during 2024, new securities class actions increased for the second year in a row to 225 (up from 215 in 2023). This is the highest number of new cases since 2020. Over the past ten years, core, or more traditional, filings have been filed at a steady and relatively high level. These cases are more difficult to dismiss than the large number of weaker M&A objection actions that inflated the new filing numbers in the 2017-2020 period. Notably, there were 15 A.I.-related securities class actions filed in 2024, which is more than double the seven such cases filed in 2023.
Derivative actions are another type of shareholder lawsuit that have a significant impact on claims for coverage under D&O policies in the U.S. Large cash settlements continue to cause concern for D&Os and their insurers, particularly as companies may not be able to indemnify for such settlements, which could trigger Side A coverage.
In 2025, similar to 2024, environmental, social and governance (“ESG”) risks were included among many of the surveyed subjects that ranked in North America. These included “health and safety” (71%), as well as risks in “Governance” categories – “systems and controls” (73%), DEI (54%) and “board structure, composition, independence, diversity” (53%). Notably, less than 40% of respondents considered any of the risks classified in “Environmental” categories to be important. “Climate change,” for example, was considered “very important” or “extremely important” by only 38% of North America respondents, followed by “nature and biodiversity” (36%), “pollution” (32%), and “per- or poly-fluorinated alkyl substances” (29%).
DEI may become an increasingly significant risk in the U.S. The Trump Administration is targeting “illegal DEI,” and Trump has issued an Executive Order specifically targeting companies that continue to follow DEI policies. Notably, the new Attorney General, Pam Bondi, recently issued a memo directing the DOJ’s Civil Rights Division to “investigate, eliminate or penalize companies in the private sector and education institutions that receive federal funds” that maintain “illegal DEI preferences.” Other federal agencies, including the Federal Communications Commission, have indicated that they intend to investigate DEI practices at other companies they regulate.
Meanwhile, many shareholders continue to support DEI, and a number of companies, including Apple, have resisted attacks on their DEI initiatives. Companies doing business in the U.S. may be in a difficult position of having to understand and comply with the new federal approach to DEI and their shareholders’ and customers’ views regarding DEI. This may increase risks of regulatory breaches as well as litigation for companies doing business in the U.S. and their D&Os.
As a general matter, risks in the “Environmental” categories were viewed as less important by North America respondents than those in any other global region. This result may relate to the trend of less environmental regulation in the U.S. on a federal level and in some states. In particular, it appears that under the new Administration, the SEC will not implement its climate change disclosure rules. Many companies and their D&Os, however, may be subject to California’s new climate disclosure rules (if they survive court challenges), and a number of other states, including Illinois, Minnesota, New York and Washington are considering similar climate-related legislation. Moreover, companies doing business in the European Union (“EU”) may be subject to the EU’s sustainability disclosure guidelines.
We introduced “AI/Machine learning” as a new risk concern to this year’s survey. Less than half of North America respondents (42%) considered this to be a “very important” or “extremely important” concern, consistent with respondents in four other regions – Europe (49%), GB (43%), and Australasia (42%). Respondents in the Middle East (70%), Latin America (62%), and Asia (56%) believed the risk to be more important.
With the rapid growth of AI and machine learning in businesses globally, we will be interested to monitor the views of respondents to this exposure in future surveys. Trump has indicated that he wants to promote A.I. technological advancements and suggested fewer restrictions on A.I., and it seems unlikely that the U.S. will adopt comprehensive A.I. regulations at the federal level any time soon. However, a number of U.S. states have begun to enact their own broad A.I.-related legislation. During 2024, 45 states, as well as Washington, D.C., Puerto Rico and the U.S. Virgin Islands, introduced A.I. bills. Therefore, A.I. regulation will be most active at the state level, and there may be a struggle to find a consistent approach that protects consumers without inhibiting innovation. It is also worth noting that shareholders are increasingly filing lawsuits relating to misrepresentations about A.I., including so-called “A.I. washing” where companies overstate A.I. capabilities to enhance their business. As noted above, the number of A.I.-related securities class actions more than doubled in 2024.
We also asked respondents to comment on the importance of aspects of their Directors and Officers (“D&O”) insurance policies. The top concern for survey participants in North America was “control/settlement of claims” (a concern for 79% of respondents). While this is also the most important risk overall in Europe (73%) and tied as the most important risk in Latin America (75%), it is viewed as a less important concern in all other regions.
“How disputes with the insurer will be dealt with” (77%), “choice of lawyer” (76%), “cover for cybersecurity-related risks” (76%), “cover for claims in all jurisdictions” (73%), “a broad definition of who is an insured” (73%), and “demand repayment for a successful prosecution” (71%) rounded out the top 7 overall D&O insurance coverage concerns for North America.
