D&O, E&O, Professional Liability

This article provides an update to a post published on July 23, 2024 by Mark Pring, Andy Moss, and Cristina Shea, which can be found here.

It has now been over a month since cybersecurity technology company CrowdStrike rolled out a defective software update that rendered over 8 million computers around the globe temporarily

Early this year, on January 25, 2023, the Delaware Court of Chancery extended the duty of oversight required of a corporation’s directors to its corporate officers, in In re McDonald’s Corp. Stockholder Derivative Litigation, No. 2021-0324-JT, 2023 Del. Ch. LEXIS 23 (Jan. 25, 2023). Before McDonald’s, the Delaware standard had been governed by the 1996 decision in In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).  Caremark held that corporate directors breach their duty of oversight if they:

  1. Fail to ensure effective information and reporting systems exist; or
  2. Ignore the red flags indicating wrongdoing, when the director (i) knows of the red flags, (ii) consciously fails to take action, and (iii) the failure to take action was sufficiently sustained, systematic, or striking as to constitute bad faith.

The reasoning in Caremark was adopted by the Delaware Supreme Court, again only recognizing the oversight duties for directors. See Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006).Continue Reading Recapping the McDonald’s Delaware court decision – Duty of oversight and D&O considerations

Cyber incidents and attacks, whereby hackers target companies for ransom, to obtain sensitive information, or for other reasons, are a significant and growing threat. In 2021 alone, cyber incidents caused roughly $6 trillion in losses, and the consensus is that the threat of incidents will remain strong. Corporations are increasingly seeking insurance against this risk, but coverage for cyber incidents is still a relatively new and rapidly changing field. In this post, we focus on key considerations for general counsel, chief technology officers and cyber security officers when it comes to cyber insurance and protecting against cyber risk.

Does my company need cyber insurance?

Getting cyber insurance is a unique business decision for each company weighing a variety of factors, but virtually every company faces risks from cyber incidents. Although cyber breaches involving customer or consumer data tend to get the most attention, even companies that collect no sensitive customer or consumer information may fall prey. For one thing, companies may possess private, sensitive information about their employees, including medical or pension information. Moreover, companies may have proprietary information or trade secrets that hackers would want to get their hands on.

In fact, many dangerous and costly cyber incidents actually do not involve the theft of sensitive personal information, because the risk of disclosure of any data of value to a company may be used as extortion leverage. Ransomware can encrypt a company’s data and information systems, and attackers then demand a ransom from the company to restore access. Finally, companies may be targeted as a means of obtaining access to the systems of third parties doing business with the targeted company, which may expose the target to liability to those parties as well as its own incident response and data restoration costs. This explains why the risk is so widespread.Continue Reading Key questions corporate tech, legal, and security officers need to ask when considering cyber coverage

Corporations embroiled in coverage disputes with their D&O insurers may be in the unenviable position of having to bring a lawsuit to enforce their rights. One of the first considerations the corporation faces is where it should file its coverage action. Some may assume that they are limited to the jurisdiction where the corporation principally operates or is headquartered, where its D&O policy was “issued” (often the same jurisdiction as it principal place of business), or where the underlying insured matter is centered. But if the corporation is incorporated in Delaware (which many obviously are), then bringing the action in Delaware is an important additional option that the corporation would be well-advised to consider. Of course, this option begs some important questions.    

Why would a corporation principally operating outside of Delaware want to bring its coverage action in Delaware, particularly when that may mean giving up its “home field advantage” or incurring additional costs to litigate in a distant jurisdiction? Continue Reading D&O coverage dispute? Don’t forget about the Delaware option

M&A activity is making a comeback in 2023, according to Bloomberg Law (“M&A Roars Back in $40 Billion Surge Led by Miners, Storage” A. Kirchfeld and D. Nair, Feb. 6, 2023). The rise in transactions—and the likelihood of claims involving them—will no doubt lead to continued D&O insurance coverage disputes over the “bump up” exclusion.

Policyholders can navigate this speed bump, carriers waving the recent Seventh Circuit decision in Komatsu Mining Corp. v. Columbia Casualty Co., No. 21-2695 (7th Cir. Jan. 23, 2023), and the Final Statement of Decision After Phase One Court Trial entered in Onyx Pharmaceuticals, Inc. v. Old Republic Insurance Co., Case No. CIV 538248 (Cal. Super. Ct. San Mateo Cty. Dec. 30, 2022), notwithstanding. 

Rules for the Road to keep in mind:

1. Choice of law matters

Several courts have addressed the bump-up exclusion recently, and arrived at different results. Indeed, despite analyzing the same bump-up exclusion, the San Mateo County Court in California (applying California law) ruled in favor of insurers in Onyx whereas the Delaware Superior Court ruled in favor of the policyholders in Northrup Grumman Innovation Systems, Inc. v. Zurich American Insurance Co., 2021 Del. Super. LEXIS 92 (February 2, 2021) (the Delaware Supreme Court denied interlocutory appeal), and the Eastern District of Virginia Court (applying Virginia law) did as well in Towers Watson & Co. v. National Union Fire Insurance Co., 2021 U.S. Dist. LEXIS 192480 (E.D. Va. Oct. 5, 2021) (currently on appeal in the Fourth Circuit). The Seventh Circuit applied Wisconsin law in Komatsu, ruling in favor of insurers based on a different version of the exclusion. In short, Delaware and Virginia law remain favorable whereas policyholders have not fared as well thus far under California and Wisconsin law. Continue Reading Navigating the “Bump-Up” exclusion in 2023: Rules for the road

Directors’ and Officers’ liability (“D&O”) insurance offers key protections to a company’s board members and management by serving as a financial backstop for their indemnification rights as well as their personal assets in the event directors or officers are the subject of claims or investigations based on their service to the company.  D&O insurance also adds value and financial protection directly to the company that purchases it, including by reimbursing the company when it indemnifies a director or officer, and insuring the company directly against its own liability for securities claims or (in the case of private companies) certain other claims.

Given the importance of D&O insurance to a company’s corporate governance and risk management, it is critical that companies carefully approach the procurement and renewal process for their D&O insurance.  Unlike many other types of insurance policies, D&O policies are neither standardized nor regulated, and the procurement and renewal process can be more complex to navigate.  Although, the individual facts and circumstances of each particular company will dictate the coverages that are needed, there are a number of key issues and policy provisions that should be at the forefront for every company engaged in the procurement or renewal process.  We address a few of these considerations here. 

Key definitional terms

Certain key definitions found in D&O policies impact whether and when coverage will be owed, including who is an insured and the types of matters that constitute a “Claim” for which coverage may be owed.

With respect to the term “Insured Person” (or similar terms), definitions vary widely as to who qualifies for coverage.  Despite being called “directors and officers” insurance, D&O policies often insure individuals who are neither directors nor officers of the company.  To determine what policy language is necessary for a particular company, it is imperative to closely evaluate the proposed language and ensure that the definition captures the company’s decision-makers—whether that includes just directors and officers, or other employees or consultants beyond those individuals.Continue Reading Key considerations for companies in procuring or renewing D&O coverage

Do not assume insurance coverage is unavailable  

Today’s insurance market is complex.  It encompasses a wide range of insurance policies covering all manner of events and circumstances.  Beyond more traditional coverage for personal injury or property damage (under commercial general liability (CGL) policies), companies now routinely purchase Directors & Officers (D&O) policies, Errors & Omissions (E&O) policies, and Employment Practices Liability (EPL) policies, among others.  These policies can cover everything from claims of wrongful termination (EPL) to breach of contract (E&O) to shareholder class actions (D&O).  Further, many CGL policies are “occurrence” based.  This means that if the loss occurred during the policy period, the policy may provide coverage even if the claim is not made until decades later (presuming you recently learned about the loss).  Accordingly, when you or your company faces a lawsuit, never assume insurance coverage is unavailable.

Immediately notice the claim to all relevant insurers 

Beyond identifying potential coverage under existing policies, it is important to promptly place the insurers on notice of the lawsuit.  A failure to give timely notice could result in a waiver of coverage.  Many policies require the insured to give notice “as soon as practicable” or even “immediately” after learning about the occurrence (e.g., accident harming another’s person or property) or claim (e.g., a lawsuit).  These policies often treat delayed notice as a breach of a condition precedent to providing coverage under the policy.  The insurer will likely then deny coverage based on this breach.  While most jurisdictions require an insurer to show prejudice from a delayed notice of an occurrence, claim or suit, some do not.  Providing prompt notice avoids what could be a costly dispute, especially if the insurers succeeds in avoiding coverage.  Therefore, even where you believe a lawsuit will resolve quickly, it is still imperative to give timely notice (and, thereby, avoid forfeiting the coverage purchased).  Continue Reading You’ve been sued: An insurance attorney’s top tips for securing (and preserving) coverage

Government investigations by SEC, DOJ, and state attorney generals are a significant source of exposure for companies and their directors and officers. Companies can spend millions of dollars responding to a government subpoena or investigative demand. The broadly worded demands for information or testimony typically require extensive searches through mountains of paper documents and electronically stored information (“ESI”).

As investigation defense costs rise, the question inevitably follows: Will the company’s D&O or professional liability insurance cover the costs of responding to a formal investigative order, civil investigative demand or subpoena? The answer to this question is not always clear-cut. Given the stakes, insurers and policyholders frequently litigate this issue, with courts across the country reaching different conclusions depending on the unique terms, definitions, and conditions of the policies and the type of investigation at issue. A recent decision in Delaware addressing insurance coverage for the costs of responding to a civil investigative demand provides helpful guidance for policyholders seeking coverage for these costs.

In Guaranteed Rate, Inc. v. Ace Am. Ins. Co., No. N20C-04-268 MMJ CCLD (Del. Super. Ct. Aug. 18, 2021), appeal refused, 266 A.3d 212 (Del. 2021), the Delaware Superior Court considered whether a civil investigative demand – issued by the U.S. Attorney’s Office for the Northern District of New York and the U.S. Department of Justice – qualified as a “Claim” as required to trigger coverage under the policyholder’s Private Company Management Liability Policy. The civil investigative demand was issued pursuant to the False Claims Act “in the course of an investigation to determine whether there is or has been a violation of 31 U.S.C. § 3729.”Continue Reading Guaranteed Rate v. Ace American Insurance – a victory for policyholders seeking coverage for government investigations

Cannabis and the D&O market in 2022

In the early days of 2022, cannabis companies and investors have cause for guarded optimism. The once very real specter of federal intervention in the burgeoning industry seems to have faded into the background as successive presidential administrations have declined to push the issue, and now, all but two states have legalized cannabis in some form. With the cannabis industry reporting record profits despite a global pandemic and continued federal illegality, and numerous states and localities turning to it to fill revenue gaps left by COVID-19, it seems fair to say that cannabis has gone mainstream (see Earl Carr “What You Need to Know About Cannabis in 2022 and Beyond” Forbes).

Yet, as much as some things change, others stay the same. Despite the maturation and growth of the cannabis industry and its significant players, the directors and officers (D&O) insurance marketplace remains treacherous. Many major insurers still refuse to offer D&O coverage to the cannabis industry altogether (see Matthew Lerner “Finding D&O coverage remains a challenge for cannabis companies” Business Insurance), while a minority have decided that the opportunity outweighs the risk – with “opportunity” here meaning the ability to charge cannabis policyholders premiums between two and ten times the market average for coverage that is often quite limited. (See David Kennedy “Directors and officers liability insurance is increasingly important – and costly – for cannabis companies” MJBizDaily).

Cannabis companies, for their part, face a Hobson’s choice: either pay a substantial mark-up for a D&O policy that may or may not provide any meaningful coverage, or remain completely uncovered (others have turned to alternatives like captive insurance, a topic for another article (see, e.g., Ryan Smith, “ARS Launches Captive for Cannabis Company,” Insurance Business Magazine)). At a time when D&O insurance is increasingly expensive across all industry sectors, these factors have led some analysts to describe the cannabis D&O marketplace as “a hard market within a hard market.” (See Kimberly E. Blair, Jonathan E. Meer, & Ian A. Stewart “Cannabis Directors and Officers Liability: Cause for Optimism?” The National Law Review Vol. XI, 189, July 8, 2021)Continue Reading D&O insurance for the cannabis industry