-
NIS2 fines and D&O or cyber cover
Did anyone see insurers react to NIS2 w.r.t. D&O cover? Will it cover the fines from NIS2? Or are cyber insurers reacting? I haven’t seen it yet.
-
5 Replies
-
@marcin-gajkowski @matthias-tenderich @jack-bassett @judit-tumpek – tagging some of our Europe-based Community Members. Any answers to Tom’s question?
-
Hi Tom,
in Austria fines are per se not insurable by law, however to cover the legal costs of the procedure is possible, therefore it is important no having special exclusions in the defense costs neither in Cyber nor in the D&O. In any case, I don not see at this stage, that insurers are reacting. How is it in your country?
BR Judit
-
Thank you, @judit-tumpek. A very insightful response 🙌
-
Thanks Judit. In The Netherlands it is still legally allowed to have cover for fines from authorities wrt GDPR or PCI (which I personally think should not be allowed). So that is part of all cyber insurances. Also legal assistance is part of the deal. Not sure about D&O as I’m fully focused on cyber only. So I was wondering whether Cyber and/or D&O insurance is expanding to cover NIS2 fines in the future. We haven’t seen any response sofar from insurers.
-
Actually, an interesting question Tom!
In my domestic market, i.e. Poland D&O has become a quite popular insurance product. Historically, the demand was mainly driven by fines & penalties coverage available in D&O policy, mainly because a few civil litigation against D&O’s has been observed (editor’s note: now it is going to change). On the contrary, over the last 10 years the regulatory environment in my country has becoming very unfavorable for business, which was inspired by populist politicians. Accordingly, coverage that includes fines and penalties, as well as accompanying legal costs, has been sought.
It is fair to say that the insurance ability to insure these penalties falls into a gray area. The only consensus is that penalties imposed under criminal law cannot be insured. Of course, D&O insurance covers penalties imposed on D&O’s and not those on the company. However, the lack of an “insured v. insured” exclusion in a Polish D&O policy means that a penalty imposed on a company can be treated as its loss. Hence, the claim for it asserted against the members of the board of directors whose errors and omissions led to the penalty can be well-based.
Getting back to cyber, I hope I was able to clarify that your question about the consequences of NIS 2 for D&O policy providers seems to be on point. Well, at least in Poland, but from what I read in your comment, perhaps also in the Netherlands.
-
-
Log in to reply.
