D&O litigation: From mismanagement to misstatement claims – Insurance Business
Event-driven litigation is changing the game for public company directors & officers (D&O) insurance. Shareholders today are using loss-driving events, such as sexual harassment claims, data breaches, or even physical fires, to bring securities class action lawsuits against public companies in the US. This has resulted in unprecedented levels of public company D&O litigation, both from a frequency and a cost perspective.
Securities laws are governed by the Securities and Exchange Commission (SEC) and they exist to protect investors, maintain fair markets, and facilitate capital formation. Essentially, their primary purpose is to provide transparency and prevent misstatements so that investors have all the information they need to make an investment decision. These laws were not created to prevent organizational mismanagement (often the root cause of event-driven litigation), and yet, plaintiff attorneys are managing to blur the lines and bring securities class action lawsuits over significant events.
“This is a very difficult burden for public corporations to carry,” said Kevin Gadbois, executive vice president of claims, executive liability of Great American Insurance Group. “Whereas an event like a fire or a data breach used to be a derivative case that was protected by the business judgment rule – which states that as long as you run your company in good faith, you’re protected from a liability lawsuit – now it’s being treated as a misstatement or nondisclosure case.
“Plaintiffs are essentially saying: ‘We’re not suing you on the business judgment rule. But every time your business doesn’t perform the way it should, we’re going to sue you for nondisclosure because you didn’t tell us that ahead of time.’ That’s a very difficult standard to hold directors and officers to. It takes out the business judgment rule and turns the suit into a ‘Who said what, and when?’ type of claim – and the plaintiff’s bar can extract huge settlements on that type of litigation.”
There has been a sharp rise in cyber-related event-driven litigation in recent years. Public companies are spending astronomical sums of money, time and effort on shoring up their cyber defenses and making sure their systems are secure. They’re disclosing these actions to the market and to their shareholders, and they’re being transparent about the steps they’re taking to protect information. And yet, the ever-evolving nature of cyber risk dictates that even the most prepared companies can suffer a data breach. If and when that happens, shareholders are now able to turn that data breach event into a nondisclosure claim by arguing that the company didn’t tell them their procedures and their defenses might not be good enough.
“Plaintiff attorneys have been able to successfully turn mismanagement claims into misstatement claims, and that’s very difficult for insurers because we can’t underwrite to that,” Gadbois told Insurance Business. “We underwrite in the D&O world by looking at financial statements and assuming they’re correct. It’s very difficult for us to ask what a company is doing about data security, to listen to the efforts they’ve made, and then question: ‘What if you’re wrong? And did you tell your shareholders you might be wrong?’ That’s a very hard thing to underwrite because it’s an unknown.”
As an example, Gadbois pointed toward the opioid situation in the US. Nobody is alleging that the huge drug companies lied about the amount of drugs they were selling. Their financial statements were accurate, the revenue figures they provided were accurate, and shareholders could look behind those revenue figures and see where revenue was coming from.
“For shareholders to now come back and say: ‘We’re not suing you because you lied to us about the amount of drugs you’re selling. We’re suing you because of the harm that it caused on society. Also, you should have told us that selling these drugs could have further societal implications.’ That’s very difficult for a drug company to do, and it’s very difficult for insurers to underwrite to,” Gadbois commented.
The current litigation environment is quite the minefield for public companies in the US. Those unfortunate enough to get caught up in a securities class action suit face what most would deem to be a lose-lose situation. Many choose to settle rather than fight suits because of the huge defense costs they would have to pay. As Gadbois put it, the US legal system is “not set up to efficiently resolve problems.”
“It’s a very expensive system to navigate, so companies are forced to settle due to the astronomical cost of the litigation itself,” he said. “It’s all about the unknown at the end of the day. If you’re involved in an opioid lawsuit and you’re being sued for billions of dollars, it’s a very difficult case to try, because if you lose, that could destroy the company. Public companies settle 99.9% of the time because the cost of litigating these suits and the risk of losing them is very problematic.”