Company directors may face costly lawsuits if they are negligent in preventing or managing cyber attacks, according to Marsh.

“Under many regulatory regimes, directors and officers have extensive responsibilities to implement systems and controls to manage their company’s data usage,” it says.

“If, following a cyber attack, it is found they have breached these fiduciary duties, company directors and officers could be personally exposed to lawsuits, shareholder class actions and regulatory activity.”

The global broker urges bosses to examine directors’ and officers’ (D&O) liability insurance arrangements, to determine if employers have bought sufficient coverage.

A typical D&O policy, which covers individual executives for all acts, errors and omissions, could include cyber-related cases.

“Directors and officers should take a proactive approach to managing their insurance arrangements,” Marsh Financial and Professional Practice Senior VP Eleni Petros said.

“By ensuring they have adequate cover in place, they can personally protect themselves from the impact of regulatory investigations or shareholder litigation following a cyber incident.”

Exclusion of cyber-related negligence in D&O cover leaves directors and executives vulnerable to litigation, given the corporate world’s reliance on digital technology to carry out daily operations, Marsh says.

The ideal D&O cyber-risk policy should include cover for investigation costs, insured individuals, investigation of cyber circumstances, shareholder actions and reputational damage costs for directors.

“The consequences of a cyber breach could be extremely costly for companies and their boards,” Marsh says. “In circumstances where the company is unable to indemnify its directors, or is insolvent, an exclusion of this kind could have serious consequences for directors because they may find themselves with no cover for any cyber-related claim.”

The Association of British Insurers believes cyber cover will become as commonly purchased as property insurance within a decade.

Cyber-risk coverage globally is about $US150 billion ($193.22 billion), according to a Standard & Poor’s report, citing estimates from Marsh.