News and Views
Media Coverage

Boards Consider Cyber Coverage for Funds as Hacks Mount

Board IQ

As hackers continue their barrage on companies of all kinds, some independent directors are considering whether it’s appropriate to take out cyber-security insurance specifically for the funds.


Because funds don’t directly hold client data or assets, the fallout directors experience from a hack – regulatory investigations, shareholder lawsuits, and potentially criminal claims – has historically been covered by director and officer or errors and omissions insurance.

Some are asking now whether that’s sufficient. Mutual funds typically review their D&O and E&O insurance at least once a year, says Blank Rome partner Thomas Westle, and the one issue that’s consistently come up recently during those assessments is whether the fund should have its own cyber-security insurance.

Previous discussions generally held that the fund itself faces little liability, because it doesn’t have access to the data targeted by hackers. If a fund’s contract with a third-party provider includes that they safeguard shareholder data, then the fund has done its duty.

“However, this is a litigious society, so if there were to be an issue and there was some lawsuit or investigation by the SEC, I would assume that the fund would be brought into that lawsuit,” Westle says. “The reason for the fund to have insurance would be to ensure that if the fund were to be brought into any civil or criminal lawsuit, the board or officers would be protected.”

Boards may be indemnified with third parties, he says, but many indemnification policies were written a long time ago and don’t contemplate cyber security.

“As a belt-and-suspenders approach, funds would have some insurance on their own,” Westle says, “and I think those policies, the premiums, are not all that expensive.”

Another area where regulators or litigants could criticize directors is if a board didn’t do enough or have its chief compliance officer and other officers delve deeply enough into whether fund service providers had adequate insurance, Westle says.

To read the full article, please click here.

“Boards Consider Cyber Coverage for Funds as Hacks Mount,” was published in Board IQ on October 6, 2020.