Each year, WTW, in collaboration with Clyde & Co LLP, publishes its Directors’ and Officers’ Liability Survey. In our 2024 edition, we have continued the international scope of the report, with responses from officers, directors, and risk managers in 40 countries around the world. The survey asks respondents to consider the importance of specified risks for directors and officers, whether financially or reputationally.
Results from North America were remarkably similar to results globally, with participants overall viewing the top seven risks the same.
North American survey participants were consistent with prior years in identifying cyber-related risks among the most important risks. However, unlike in previous years, “health and safety” emerged as the top overall risk concern, with 83% of respondents in North America believing the risk to be “very important” or “extremely important.”
“Cyber attack (including cyber extortion),” “data loss,” “regulatory breach,” and “systems and controls” were risks that rounded out the top five.
Regulatory actions continue to be pursued aggressively in the US so it is unsurprising that it features at number 4 on the top seven list for North America. In relation to the second place concern - cyber risk - in July 2023, the SEC approved new cybersecurity-related disclosure guidelines and regulators are continuing to focus on cyber risk disclosures. Such disclosures, along with mandated disclosures about board cybersecurity governance, could be utilized by plaintiff lawyers in the aftermath of a cybersecurity incident to bring suits. However, while cyber breaches and cyber security continue to be a major concern for companies and their D&Os, we have not seen a significant number of cyber-related shareholder lawsuits as many have expected. Shareholder derivative lawsuits have been filed in the wake of data breaches and other cyber events, but many of these actions have been dismissed based on the Business Judgment Rule defense.
“Civil litigation / 3rd party claims” and “bribery and corruption” followed as the sixth and seventh most important risk concerns.
The US is the only region which features Civil Litigation/3rd party claims in its top 7. This is unsurprising given the ripe litigation environment there. However, concern about shareholder claims/class actions is relatively low (44%), slightly at odds with the volume of such claims in the US and their potential for significant damages and costs.
According to Cornerstone Research’s Securities Class Action Filings, 2023 Year in Review, new securities class action filings increased for the first time since 2019 and there is evidence in the Cornerstone figures that damages amounts have increased. Further, according to NERA’s Recent Trends in Securities Class Action Litigation: 2023 Full-Year Review, securities class actions are taking longer to resolve and settlement values have increased.
It is worth noting that cases against financial institutions could represent a major new emerging trend. New filings in the financial sector more than doubled from 2022 and accounted for 12% of filings in 2023. Specifically, plaintiffs filed nine securities class actions (one in late-2022 and eight in 2023) relating to the banking crisis in which a number of sizeable U.S. banks failed during the first half of 2023. There could be more securities class actions against financial institutions in 2024, particularly if U.S. banks continue to struggle with interest rates as they did in 2023.
Derivative actions are another type of shareholder lawsuit that have a significant impact on claims under D&O policies in the U.S. These types of cases are growing in popularity and upward settlement trends – many in the nine figure range - are creating additional concerns for D&Os and their insurers. Many such cases feature Caremark claims alleging that D&Os breached their duty of oversight. These cases are rooted in systems and controls failures, identified as the number five concern for US respondents.
In past years, environmental, social and governance (“ESG”) risks – so dominant in headlines around the world in recent years – did not present itself as a significant category of concern for most respondents in North America. In contrast this year, ESG concepts were found within many of the surveyed subjects that ranked high among North America respondents. These included “health and safety” itself (83%), as well as “Governance” categories such as “systems and controls” (74%), “board structure, composition, independence, diversity” (56%).
Of note, “Environmental” categories uniformly fell below 40% of respondents who believed the risks to be important. “Pollution,” for example, was considered “very important” or “extremely important” to only 37% of North America respondents, followed by “climate change” (33%), “per- or poly-fluorinated alkyl substances” (23%), and “biodiversity” (13%). As to “pollution” and “climate change,” all other regions globally viewed these risks as higher, in most cases above 50%.
Despite the perception of directors who responded to the Survey, in view of new regulations, an increasingly difficult political environment (which has witnessed a backlash against ESG), and the rising interest of regulators and the plaintiffs’ bar in ESG disclosures, it is even more likely that companies and their D&Os could face exposure to ESG risks and concern may rise in future surveys.
The potential for a rise in D&O claims relating to climate change, in particular, has been discussed for a number of years, but with new SEC and California disclosures rules (the latter being broader in scope than the SEC rules) likely coming on-line in the next year, we may finally see a rise in climate-related claims – regulatory actions and shareholder litigation - under D&O policies. For now, however, both the SEC and California disclosure rules are being challenged. As the challenges proceed, the SEC has issued an order stating the rules. In the meantime, shareholders have already filed a number of actions disputing companies’ ESG initiatives and disclosures. Although those cases have been largely unsuccessful to date, the plaintiffs’ bar and activist shareholders have shown great interest in this area.
There may also be more claims in the coming years relating to other categories of ESG. For example, with regard to social reporting requirements, in 2020, the SEC adopted a rule requiring companies to disclose human capital management measures and objectives they focus on in their business. That same year, NASDAQ filed a proposal for new diversity rules, which were adopted by the SEC and finalized in August 2021. Following the U.S. Supreme Court’s June 2023 ruling in Students for Fair Admissions v. Harvard, that race-based affirmative action in college admissions is unconstitutional, shareholders have demanded retraction of certain DEI initiatives and taken other actions to move companies away from ESG commitments – with mixed results so far. Employees have also filed lawsuits for reverse discrimination, alleging that DEI policies discriminate against white male employees. One case alleged that a senior executive was fired to further the goals of the company’s DEI program, resulting in a jury verdict for $10 million.
We also asked respondents to comment on the importance of various aspects of their Directors and Officers (“D&O”) insurance policies. Consistent with recent years, the top concern for survey participants in North America was “choice of lawyer” (a concern for 76% of respondents), an issue that concerns respondents globally to a noticeably lesser extent (the 8th most important risk overall at 68%).
In a tie for the second greatest D&O insurance concern in North America, at 75%, were “control/settlement of claims” and “cover for cybersecurity-related risks.” Both of these were the top two concerns globally at 74% and 73%, respectively.
Rounding out the top seven concerns in North America were “cover for claims in all jurisdictions” (74%), “cover for fines and penalties” (73%), “how disputes with the insurer will be dealt with” (72%), and “conflict of interest between a Director and the company” (67%).
All of this would appear to highlight the significance of companies maintaining robust D&O and cyber coverages, particularly as to the breadth of wording relating to claims and defense, how claims in multiple U.S. and foreign jurisdictions are handled, who is considered an “Insured” in the policy, and in coverage for distinct forms of loss, such as fines and penalties.