There is no doubt that Directors and Officers (D&O) insurance claims have reached unprecedented levels in recent years. With the addition of the global COVID-19 pandemic, an already tumultuous D&O insurance environment has the potential to get much worse. In fact, two securities action suits directly related to COVID-19 have already been filed and surely more will follow. As insurers react to the COVID-19 crisis, there could be hidden policy changes creating unnoticed gaps in a company’s D&O coverage. It is prudent that companies review their current and future D&O policies for exclusions on COVID-19-related claims, cyber-related D&O claims, and bodily injury claims to assess the completeness of their insurance coverage.

During this uncertain time, ensuring your D&O insurance policy fully meets your company’s needs is essential. Company management should use this time to ensure complete understanding of their D&O insurance policy to avoid lapses in coverage. There are some coverage-related issues expected to arise in response to the COVID-19 crisis. In general, go-forward insurance policies may broaden COVID-19-related exclusions. This poses a problem for D&O policies because they are primarily written on a claims-made basis. Claims-made policies cover claims based on the date they are reported rather than the date the event occurred. Therefore, a claim reported in upcoming policy periods would be covered by a future D&O policy, not the current in-force policy. If new exclusions exist upon renewals, future reported COVID-19-related claims may be excluded under the future policy. It would also be excluded from the current policy because that coverage has ended, leaving the company vulnerable to assuming those costs.¹

However, claims-made policies also include a “notice of circumstance” provision, which allows a policyholder to notify their insurer of a potential claim during the policy period. This action is considered a coverage trigger even if the actual claim is reported after the policy ends. If the insurer is properly notified, a future reported COVID-19-related claim could theoretically be covered by the current D&O policy without any COVID-19 exclusions in place. For example, future claims could arise associated with alleged breach of directors’ fiduciary duties in response to COVID-19 as a whole. A notice of circumstance to your insurer during the crisis could relieve the company from bearing any significant legal costs.²

As COVID-19 fears increase, so too do COVID-19-related cyber attacks. Massive cyber breaches could lead to significant loss in a company’s reputation and value, which in turn could trigger securities action lawsuits. COVID-19 has already led to cyber attacks against the World Health Organization and a U.K. vaccine-testing lab battling the health crisis, Hammersmith Medicines Research.³ Further, many companies may currently be experiencing cyber security difficulties as enormous numbers of employees temporarily work from home. Historically, D&O claims arising from cyber incidents are covered by a company’s D&O policy. However, insurers have been attempting to exclude these cyber-related losses from traditional insurance policies. Companies must take immediate measures to ensure COVID-19-related D&O claims arising from cyber attacks are sufficiently covered by their insurer.⁴

Upon renewal, companies should review their D&O policies for new cyber-related exclusions to avoid inadvertent lapses in coverage. If new exclusions exist, companies need to consider purchasing a cyber insurance policy to fill the coverage gap. Companies could also attempt to preserve D&O coverage from a past policy without a cyber-related exclusion by sufficiently notifying their insurers of a potential claim. In the midst of the epidemic, these coverage gaps could go completely unnoticed and leave the company vulnerable to potentially significant litigation costs.⁵

Management should also review their D&O insurance policy for an important bodily injury exclusion. D&O policies have exclusions associated with bodily injury claims as they are covered by the company’s commercial general liability (CGL) policies. These policies could exclude future COVID-19-related claims under this exclusion because these claims are associated with a bodily injury. Further, the company’s CGL policy could also exclude these claims because some policies have a communicable disease exclusion, leaving the company completely vulnerable to a future COVID-19-related D&O claim.⁶

However, COVID-19-related claim coverage could depend on the specific phrasing of the policy’s bodily injury exclusion. D&O policies with the broad bodily injury exclusion preamble of excluding claims “based upon, arising out of, or attributable to any bodily injury” have historically given insurers standing to deny coverage.⁷ To mitigate this, company management should ensure this exclusion is written with the narrower preamble as excluding claims “for” a bodily injury. This form gives insurers less power to deny coverage using this exclusion, especially in cases where D&O exposure is clear. This could be the difference between significant COVID-19-related litigation being covered by your D&O insurer or assumed entirely by your company.

The COVID-19 pandemic has already provided many important lessons in a variety of fields: politics, healthcare, education, travel, and insurance. While the world seeks to learn more about the COVID-19 health crisis, companies need to learn its impact on potential D&O claims and understand how their current D&O coverage will respond.