The role of a company director or owner can be a stressful one. In addition to the responsibility of making the right strategic decisions for the organisation, directors also face the implications of a broadening risk landscape and an ever-present threat of a claim being brought against them as a result of their actions.
Whilst these might stem from a disgruntled employee or a vexed consumer, the advent of the digital age and the move towards an increasingly connected world means that directors are now faced with a new raft of risks and exposures. Being aware of these vulnerabilities is not enough; rather directors and senior decision-makers need to implement measures to minimise their exposures and protect themselves in the event of a claim being brought.
NEW AND EMERGING RISKS
The arrival of the General Data Protection Regulation (GDPR) in 2018 placed a greater responsibility on company directors and management boards not only to ensure, but also to be able to demonstrate organisational compliance with the updated legislation. Further, the UK Data Protection Act (2018), which came into force at the same time, provides that directors may have personal responsibility for any breaches identified within the company in certain circumstances.
Aside from the hefty fines which could be imposed on the company (potentially up to €20 million or 4% of annual global turnover), directors could also be liable for criminal offences under section 198, where “an offence has been committed by a body corporate with the consent, connivance or neglect of an officer”. Whilst data breaches can result from human error, they may also be the consequence of a cyber-attack.
There’s no doubt that artificial intelligence (AI) can enable a variety of efficiencies for organisations, from automation of routine tasks to data mining and outcome prediction. However, the technology is not without its risks. AI is evolving at a rapid rate and legislation is continually playing catch-up. AI and big data often go hand-in-hand and company directors need to ensure that AI is being used responsibly and in line with data protection regulation, as mentioned previously.
Brexit is currently an inescapable topic, permeating almost every facet of the macro- and micro-environment. Company directors are amongst those following its progress with interest, not least as they could be held culpable if it’s deemed they’ve not taken sufficient action to prevent a foreseeable loss of performance following the UK’s withdrawal from the EU. It’s even been mooted that this lack of preparedness could lead to a spike in D&O actions against board members. According to a 2018 Institute of Directors (IoD) survey of 800 UK business leaders, less than a third had carried out contingency planning for Brexit. In response to this finding, the IoD issued guidance on how to prepare for a ‘no deal’ scenario, including understanding the company’s exposure to the EU market and considering the possible impact on upstream and downstream supply chains.
The Companies Act 2006 requires directors to act in a way that pays regard to “the impact of the company’s operations on the community and the environment”. Following initiatives such as the Paris Agreement 2015 and the Renewable Energy Directive, UK company leaders are likely to face increased scrutiny over the environmentally-friendly credentials of their organisations.
Any executive found to be neglecting such duties is answerable not only to their stakeholders, but also to the judiciary system. Since climate change risks are regarded as foreseeable by courts and relevant to a director’s duty of care and diligence, any breach of such duty could result in litigation.
However, it seems that not all executives are paying heed to this. A study carried out by energy consultancy Carbon Credentials in 2018 showed that only 10% of companies had developed strategies to cut carbon emissions.
#MeToo and workplace harassment
In October 2017, the #MeToo movement against sexual harassment and assault went viral on social media. This movement, in conjunction with the Harvey Weinstein scandal, inevitably shone a spotlight on sexual misconduct in the workplace, with a reported one in three women alleging sexual harassment against a colleague. Following #MeToo, the number of office romances fell to a ten-year low and there were reports of office parties being cancelled for fear of any possible repercussions.
A company director could be subject to criminal proceedings, not only if they themselves commit such misconduct, but also if they are found to have turned a blind eye to such activities. Senior executives have a responsibility to follow up on any warnings or complaints and where a company suffers reputational damage as a result of a claim which leads to insolvency, liquidators could bring action against board members.
Against the backdrop of this risk landscape, many directors are recognising the benefits of taking out Directors & Officers (D&O) insurance.
First introduced by the London Insurance market in the 1930s, D&O initially went by the name of ‘personal finance protection insurance’, and clarified rules around the indemnification of directors and officers from claims. Since 2000 there has been a 63% increase in the number of UK businesses, reaching 5.7 million private sector businesses in 2018; of these, 99% are small or medium enterprises (SMEs). By this reckoning, there are at least the same number of company directors, since each private company must have at least one director. It’s almost impossible to say how many UK companies and directors buy D&O insurance, since only the small number of publicly traded companies must declare whether or not this insurance is held. However, reports suggest that penetration of D&O insurance is much lower amongst SMEs, with only approximately 27% taking up cover. It could be argued that SMEs are even more vulnerable than their larger counterparts, since many are unlikely to have dedicated HR or legal departments to offer advice should an incident occur.
A director could even be held liable once they’ve ceased to hold office, meaning that any D&O policy should ideally include run-off cover. Crucially, this must have been in place at the time of the alleged incident to ensure the policy is on cover.
D&O insurance can offer a safety net to any company, whether publicly traded or not-for-profit, in respect of liabilities not otherwise covered by other insurance policies. It does not give directors licence to behave irresponsibly or in bad faith, but can be used both to steer good practice and provide essential support and guidance in an increasingly complex and sophisticated risk environment.
Source: Allianz Insurance plc