Considerations for Private Directors in Todays Risk and Insurance Environment

Boards are charged with helping companies grow and succeed while ensuring that risks are managed responsibly and effectively. As we reflect on recent trends and significant risk factors at the beginning of 2022, there has been a notable acceleration of risks that were once classified as “emerging.”

Among these are the pervasiveness of cybersecurity threats and the heightened focus on workplace culture and organizational reputation. As private companies grow, and especially as they engage in M&A and integration processes, Boards have a crucial role to play in ensuring that management has a sound plan for mitigating these risks, both by transferring certain risks to the insurance market and by having detailed procedures for monitoring and managing risk across the organization.

Here we will review some of these trends and discuss steps that private company Boards can take to protect the value of their businesses.

Bring Cyber Diligence to the Forefront

PDA members are acutely aware of the cyber risk environment. After years as an afterthought, this issue is now squarely on the radar of responsible boards and management teams. With ransomware attacks and other loss activity dramatically increasing over the last two years, the cyber insurance market has been going through a painful repositioning. This has largely taken 3 forms:

1. Rates are increasing substantially. Cyber insurance premiums have doubled, on average, with many companies facing more significant increases.
2. Carriers have reduced the amount of coverage they’re willing to offer. Limit capacity has been cut and many businesses have been forced to accept high retentions as a condition of coverage. Overall, insurers and their regulators are concerned about the systemic / correlated nature of cyber risk, so they are effectively requiring businesses to retain more of the risk themselves or purchase additional coverage from other carriers at a dear cost.
3. Most significantly, the standards for insurability have tightened dramatically. Two years ago, carriers were competing to make their underwriting processes easier and less restrictive. Today, application questionnaires are becoming more detailed and coverage is mostly limited to companies that are up-to-date on important controls such as multifactor authentication and advanced endpoint detection and response.

Quality of cyber controls has frequently surfaced as an issue in the context of M&A. For acquirers, buying a business that has inadequate security controls can jeopardize the insurability of the combined organization. For sellers, failure to implement controls ahead of a sale process can raise red flags in due diligence and potentially threaten a deal.

Private company directors should require their management teams to provide a full accounting and assessment of cybersecurity protocols. Management teams should keep in close contact with their cybersecurity advisors and insurance partners to ensure that their security controls are aligned with current best practices and insurability requirements.

Prioritize Human Capital and Reputational Risk

Private directors today should have an elevated focus on protecting the reputation and organizational culture of the companies they oversee. Societal context has placed more focus on racial justice, the treatment and advancement of women, and other broad issues that play out within the workplace. There is further sensitivity when we layer in COVID-related topics such as vaccine requirements, remote work accommodations, and disability. While the media attention tends to focus on large public companies, private companies need to be responsive to the evolving expectations of their employees and customers.

Concerned about rising litigation, insurers have been scaling back their exposure to management liability risk in the form of employment practices coverage and directors & officers coverage. Premiums and retentions have increased meaningfully, and targeted exclusions have been added for certain types of claims (such as those relating to biometric data and independent contractor classification). Companies with problematic claim history or unfavorable jurisdictions (e.g., California) have been particularly affected.

While private companies don’t have the same type of shareholder pressure as public companies do, these issues are increasingly playing out with employees and customers. With the increased costs of workplace culture challenges – whether in the form of legal expenses, insurance premiums, employee turnover, or otherwise – Boards can take steps to exercise reasonable oversight and protect enterprise value:

• Ensure that management is implementing reasonable and appropriate workplace policies and communicating such policies effectively through an employee handbook, trainings, and a clear “tone from the top”
• Provide an outlet for employees or third parties to notify the Board of issues so that the Board can take steps to investigate possible claims and address issues with management, as appropriate
• Engage in a culture survey or other form of assessment to identify potential issues before they arise as actionable complaints

The risk of litigation is especially high when a company is undergoing change. Periods of change can include merger integrations, reorganizations, management turnover, and rapid hiring. During such times, it is critical to have a clear and effective communication plan for employees and other stakeholders.

While litigation is an inherent and often unavoidable risk of operating a business, companies can protect their long-term risk profile following best practices regarding due diligence and documentation and seeking legal counsel where appropriate.

Leverage Risk and Insurance Advisors

The primary purpose of insurance is to manage risk by transferring certain defined risks to a third party. An added benefit of working with a high-quality insurance carrier or an experienced insurance advisor is the ability to leverage resources that help to reduce overall risk. Many carriers and brokers offer value-added resources and services that can help your company identify and implement best practices. These resources are often overlooked but can be an excellent source of support for growing businesses.

 ABOUT NICK SCODRO

Nick Scodro is a PDA member and President of RBN Insurance Services, an independent insurance brokerage focused on the needs of middle-market companies and financial sponsors. Prior to joining RBN, Nick was an investment banker in the Financial Institutions Group at Goldman Sachs. Nick lives in Chicago and serves on the Boards of two early childhood education not-for profit organizations.