More than a quarter of businesses have experienced an investigation involving a director of their company

Corporate investigations are on the rise, with over a quarter (27%) of businesses saying they have experienced a claim or investigation involving a director of their company in the past year, up from one in five in 2014. This is according to the latest Directors’ Liability Report by Allen & Overy and Willis Towers Watson. The research asks directors and officers about personal exposure to risk, their experience of claims, current levels of protection, and concerns around liability going forward.

When asked about the greatest risks facing their businesses, 71% of respondents said regulatory and other investigations top their list of concerns, for the fourth consecutive survey. This was followed by the risk of a cyber-attack (66%) and data loss (58%), both new entries which knocked anti-corruption legislation (including the Bribery Act) and criminal and regulatory fines and penalties (both 43%) off second and third place.

Joanna Page, Partner at Allen & Overy, comments: “In 2015, the UK’s prosecutors and regulators levied close to GBP 1billion worth of fines and penalties on companies and so directors are right to have this as a top concern.

“The regulatory pressure on companies shows no sign of abating and in fact we have witnessed a whole swathe of new regulations that directors and officers must contend with, and so personal protection is becoming increasingly important.”

Cyber-security is a high profile issue for business leaders, with nearly a third (31%) revealing that their companies have experienced a cyber-attack or loss of data significant enough to have been brought to the attention of the Board in the past year. This figure jumped to 39% in the public sector, compared to 10% in the private sector.

Francis Kean, Executive Director, Willis Towers Watson, comments: “We asked specifically about significant cyber-attacks but even then we suspect that the number of serious breaches is much higher than reported. The concern here is that companies don’t always know either at a senior level - or in some cases at all - that they have been hacked.  Perhaps of equal concern for senior managers is that they don’t always understand their personal liability.”

“Directors should be taking steps to inform themselves about the risks posed to their companies and how to mitigate those risks so as to minimise their exposure in the event of a claim. They cannot delegate their duties of oversight and, as we are seeing over and over again with different areas of responsibility, they are increasingly being held to account.”