This lively discussion focused on the market turmoil in the current public and private D&O markets. Additionally, the professionals explained the scope of Cyber Insurance for tradition exposures, operational risk and regulatory compliance.

1. Lockton Companies |
Is your company protected from Cyber risk?
Market turmoil in the
Directors and Officers
Liability marketplace

2. Lockton Companies |
 Introductions
 A tale of two markets
 Directors and Officers Liability
market turmoil
 Public
 Private
 Cyber risk — are you covered?
 Traditional coverage
 First-party coverage
Agenda

3. Lockton Companies |
 Privacy and network security
(Cyber)
 Still the beginning
 Phase II
 Systemic risk
 Directors and Officers Liability
 In the beginning
 Mature market
 Market cycles
 Market disruption
A tale of two markets

4. Directors and Officers Liability
insurance — a market in turmoil

5. Lockton Companies |
Recent securities claims trends

6. Lockton Companies |
 Claims allegations shift from governance and
accounting to operational risks — event-driven
litigation (i.e., #MeToo, Cyber/ privacy, California
wildfires, industry regulatory issues). GAAP
violations comprised only 45% of allegations.
 1933 Act (Section 11) actions can be brought in
state court — Cyan ruling. Multiple parallel
state/federal suits arising from IPOs. 54% of cases
are parallel filed.
 Holding directors and officers personally
accountable remains a priority by courts and
regulators.
 Derivative matters becoming more costly.
 Litigation rate climbed again.
 Merger objection suits continue with vigor in
federal court — 158 filings (39%).
 Emerging law firms — Rosen, Pomerantz, Glancy
— equal increased filings. Top three industries
remain life sciences, technology, financial
services.
 Average settlement tripled to $65M, while
median settlement doubled to $11M.
 SEC enforcement actions up 5% in 2019, and total
penalties up 10%.
 Whistleblower activity — continues to ramp up
with $168M in payouts. This program shows no
signs of slowing down, and is considered a huge
win for the SEC. Now expanding to the UK.
Securities trends – a new normal

7. Lockton Companies |
 Threat environment update
 BIPA
 GDPR
 Cyber — privacy — Capital
One
 Cyber security — Fedex
 Duty of oversight — BlueBell
 #MeToo
 Climate change — 3M, PG&E
 Shareholder derivatives —
Wells Fargo
 Shareholder risks
 Securities class action
 Merger objection
 Derivative shareholder action
 Securities individual action
 Corporate capital risks
 Capital regulatory action
 Books and records
 Wells notices
 Business practices risks
 Foreign Corrupt Practices Act
Directors and Officers Liability threat environment

8. Lockton Companies |
Market pricing escalation

9. Lockton Companies |
Top carriers writing public Directors and Officers
Liability

10. Lockton Companies |
 Internal strategy
 Limits
 Retention
 Coverage
 Cross-line collaboration
Analytics Drives Better Decisions
 Directors and Officers Liability
market strategy
 Know your client
 Approach markets around the
world
 Foster competition across field of
capital
 Leverage relationships across all
lines
 Tell the clients story well
 In-person underwriting meetings
 Communication is key
 Claims
So what do we do?

11. Lockton Companies |
 Recent trends
 Coverage restrictions
 Antitrust
 Entity coverage
 Pricing
 EPLI
 Wage and hour
 Retentions
 Social engineering
 $s = crime
 Data = cyber
Private company Directors
and Officers Liability

12. Cyber risk –
is risk transfer a viable solution?

13. Lockton Companies |
 Practice overview
 53 team members both
domestically and around the globe
 ~$225M in GWP in 2019
 Coverage-focused brokers
 Governance process
 We have built our governance
approach and process for Cyber
risk around four key elements
 Identify assets and business
operations (data, IP, physical)
 Understand and quantify exposure to
assets and business operations
 Develop and support an actionable
incident response plan and business
continuity plan
 Assign value to risk transfer
Lockton Cyber Technology practice

14. Lockton Companies |
First-party costs
 Breach response costs
 Cyber extortion
(ransomware)
 Data restoration
 Business interruption
 Reputational harm
 Cybercrime
Third-party liability
coverages
 Network security liability
 Privacy liability
 Privacy regulatory liability
 PCI-DSS liability
 Multimedia liability
Cyber insurance 101
from third
to first

15. Lockton Companies |
Cyber as a peril
Network
Business
Interruption,
Extra Expense
Digital
Asset
Loss
Cyber
Extortion
Loss of
Employee
Personal
Information
Breach
Event
Costs
Theft of
your
Funds
Property
Damage
Espionage
Risk
Bodily Injury,
Property
Damage,
Pollution
(Sudden/
Accidental)
Media
Content
Infringement
Liability, incl.
Advertising
Third Party
Computer
Network
Connection
Network
Security
Failure
Privacy
Regulatory
Investigations
Loss of
Confidential
(including
Personal)
Information
Your
Cyber
Event
R
D
Uninsurable under current market conditions
Covered by a traditional Cyber policy and potentially
covered by a Property policy
Covered by a traditional Cyber policy
Covered by a traditional Cyber policy and potentially
covered by Kidnap & Ransom.
KEY:
Potentially covered by a Cyber Wrap or within a
traditional P&C program
Covered by an enhanced Crime policy

16. Lockton Companies |
 Evolution of ransomware
 Higher demands
 New strands
 Data exfiltration
 Threat environment update
 Market update
 Market shift – the tech E&O/Cyber
marketplace is begging to shift. This is
due to the headline breaches (Marriot,
CapitalOne, Etc.) and the prevalence of
ransomware attacks.
 Decreased capacity – capacity is
beginning to become less readily
available than in past years. Insurers and
reinsurers are taking a closer look at the
amount of Cyber limits they are
deploying in general and on individual
risks
 Underwriting approach – risk
evaluation is beginning to change as
certain carriers are beginning to rely
more on external reports/evaluations
and less on applications.
 Industry types – classes of business
which continue to be most challenging
include: technology service providers,
retail, healthcare, energy, education,
financial institutions, security, and
payment card processing.
Cyber threat environment and market update

17. Lockton Companies |
 Physical property damage and
bodily injury
 German steel mill
 Nation-state attacks
 How is the insurance market
reacting
 Coverage gap
 Unstandardized wording
 Clarifying language
 Business interruption
 Security failure
 System failure
 Contingent business interruption
 Supply chain business interruption
 Infrastructure outage
 Bricking
Operational risks

18. Lockton Companies |
Privacy and regulatory landscape
• GDPR
• CCPA
• BIPA
• More nations
and states to
follow suit
New
regulations
• Compliance and data
hygiene
• Keeping up with the changes
(“but we don’t operate in
Europe”)
• What information is on the
systems
• How is it stored
• Where is it stored
• How long is it retained
Impact on
organizations
• Statutory
damages
• Cyber market
reaction
• Bermuda wrap
Insurability

19. Lockton Companies |
Our mission
To be the worldwide
value and service leader
in insurance brokerage,
risk management,
employee benefits and
retirement services

20. Lockton Companies |
Our goal
To be the best place
to do business and
to work

21. RISK MANAGEMENT • EMPLOYEE BENEFITS • RETIREMENT SERVICES
Our Mission | To be the worldwide value and service leader in insurance brokerage,
risk management, employee benefits and retirement services
Our Goal | To be the best place to do business and to work
© 2020 Lockton, Inc. All rights reserved.
LOCKTON.COM