Insurance & Risk Management
D&O, cyber, E&O, property & casualty — coverage structures, claims management, and enterprise risk strategy
Primer
Insurance is a company's contractual safety net — but only if the program is structured correctly, maintained carefully, and managed aggressively when claims arise. Too many organizations inherit a legacy insurance program and leave it on autopilot. That is a serious mistake. Insurance is a contract, and like any contract, it rewards those who understand its terms and penalizes those who don't. Lawyers working in corporate, litigation, or risk management contexts need a working command of insurance structures and claims management.
The corporate insurance stack for a mid-to-large public company typically includes: D&O (the most legally critical policy), cyber, E&O/professional liability, EPL, fiduciary liability, commercial general liability, property, umbrella/excess, and a handful of specialized policies depending on the business. The legal function works with the CFO, risk management, and the company's insurance broker to ensure the program matches the company's actual risk profile — not last year's profile.
D&O insurance is the policy that corporate lawyers must understand most deeply. Side A (individual directors and officers when the company can't indemnify) is the most critical coverage for executives — it sits in their personal risk zone. Side B reimburses the company for indemnification it pays out. Side C (entity coverage) applies to securities claims against the company itself. Understanding the interplay between Sides A, B, and C — and how defense costs erode limits — is essential for structuring adequate protection and advising directors on their personal exposure.
Cyber insurance has become equally critical. The market has hardened dramatically since 2020. Insurers now require extensive security questionnaires, and gaps between questionnaire representations and actual security controls can void coverage. The underwriting process must be treated as rigorously as any other material representation — and legal counsel should be involved in reviewing the accuracy of representations before they are submitted.
When claims arise, the legal role shifts to claims management: notice must be given properly and promptly, the duty to cooperate must be honored, coverage counsel engaged where appropriate, and the relationship with the insurer carefully managed. Coverage disputes — insurers denying claims or asserting exclusions — require experienced coverage litigation counsel and a willingness to litigate when necessary.
D&O Insurance
Reference topics — deep-dive primers coming soon
- Side A coverage: Protects individual directors and officers when the company is legally or financially unable to indemnify; most critical for executives personally
- Side B coverage: Reimburses the company for indemnification payments made to directors and officers; subject to company retention/deductible
- Side C (entity) coverage: Covers securities claims brought directly against the company; erodes limits available for Side A/B
- Dedicated Side A excess: Standalone Side A-only tower (often DIC — difference in conditions) above primary to protect individuals without Side B/C erosion
- Tail coverage (EPRP): Extended reporting period for claims made after policy expiration for pre-expiration acts; critical in M&A, change of control, and runoff scenarios
- Cliff vs. step-down policies: Cliff policies provide full limits even if the company goes bankrupt; step-down policies may reduce limits on insolvency — counsel must know which applies
- Retention structure: Company retention applies to Sides B and C; no retention for Side A in properly structured programs
- Securities class action exposure: Largest driver of D&O claims for public companies; settlement costs and defense costs both count against limits
- Derivative demand coverage: D&O covers demand investigations and derivative litigation; ensure demand review committee costs are covered
- Conduct exclusions: Fraud and deliberate malfeasance exclusions apply — but only after final adjudication; interim defense coverage is preserved
- Interlock of D&O with indemnification agreements: Corporate indemnification agreements are the primary obligation; D&O is backstop — counsel should ensure both are consistent
Cyber Insurance
Reference topics — deep-dive primers coming soon
- First-party coverage: Business interruption, data recovery, ransomware payment, crisis management, forensic investigation — direct costs to the insured
- Third-party coverage: Regulatory defense and penalties, privacy liability, network security liability — claims from customers/partners/regulators
- Incident response panel: Most cyber policies include a pre-approved panel of forensic firms, breach counsel, PR firms, and notification vendors — get familiar with the panel before you need it
- Sublimits: Many policies have sublimits for ransomware, social engineering, and regulatory fines — examine these carefully; aggregate sublimits may leave significant gaps
- Application warranty risk: Underwriting questionnaire answers become warranties in many policies; material misrepresentation voids coverage — counsel must ensure that both legal and IT review the application before it is submitted
- War exclusions: Nation-state cyberattacks may trigger war exclusions; market has not fully resolved this question post-NotPetya litigation
- GDPR/CCPA regulatory coverage: Verify that regulatory fines and defense costs under privacy laws are covered; some policies exclude regulatory penalties
- Notification cost coverage: Ensure breach notification costs (legal, postal, call center) are covered; these escalate quickly in large incidents
- Coinsurance and retention: Cyber retentions have increased dramatically; model your probable maximum loss against your retention before signing
E&O / Professional Liability
Reference topics — deep-dive primers coming soon
- Technology E&O: Covers claims arising from software/technology products failing to perform as warranted; critical for SaaS and tech companies
- Professional services coverage: Covers negligence in performing professional services; ensure scope aligns with company's actual service offerings
- Claims-made trigger: E&O is claims-made — must have coverage in place when claim is made, not when act occurred; retroactive date is critical
- Prior acts coverage: Retroactive date determines how far back coverage extends; avoid gaps when switching carriers
- Bundled vs. standalone: Some companies bundle tech E&O with cyber; understand which limits apply to which claims
- Defense within vs. outside limits: "Defense within limits" (DWL) policies erode your indemnity limits with defense costs; outside-limits defense preserves full indemnity
Property & Casualty / Other Lines
Reference topics — deep-dive primers coming soon
- Commercial general liability (CGL): Covers bodily injury, property damage, personal and advertising injury; foundational policy for physical operations
- Umbrella/excess: Sits above primary CGL, auto, and employers' liability; increases aggregate limits for catastrophic events
- Employment practices liability (EPL): Covers wrongful termination, discrimination, harassment, wage-and-hour (check exclusions); essential for any employer
- Fiduciary liability: Covers ERISA claims arising from benefit plan management; separate from D&O; required if you have a 401(k) or defined benefit plan
- Directors' and officers' tail at M&A: Seller's D&O tail (runoff policy) is a standard closing deliverable in M&A; negotiate length (6 years) and cost cap in the merger agreement
- Business interruption: Triggered by physical damage under most property policies; pandemic-era litigation clarified that non-physical BI is typically excluded
- Reps & warranties insurance (RWI): Provides recourse against breaches of seller's reps in M&A without claims against seller; buy-side RWI has become market standard in PE deals
Coverage Disputes & Claims Management
Reference topics — deep-dive primers coming soon
- Notice requirements: Give prompt notice of claims and potential claims; late notice is the most common coverage defense — calendar all policy notice deadlines
- Duty to cooperate: Policyholder must cooperate with insurer's investigation; failure is a coverage defense — balance with litigation privilege considerations
- Reservation of rights: When insurer accepts defense under a reservation, coverage is disputed — engage coverage counsel immediately and consider independent defense counsel
- Concurrent causation: Multiple causes of loss may implicate multiple policies or exclusions; coverage counsel can navigate priority and allocation issues
- Bad faith: Insurer unreasonably denying or delaying claims may give rise to bad faith claims; varies by state but is a powerful negotiating tool
- Allocation in multi-year claims: Long-tail claims (environmental, asbestos, sexual abuse) may implicate multiple policy periods; allocation across those periods follows either an "all sums" or a "pro rata" approach
- Coverage counsel vs. defense counsel: Defense counsel appointed by insurer represents insured's interests in the underlying matter but not in coverage dispute — separate coverage counsel is essential when coverage is contested
- Subrogation: Insurer has right to step into insured's shoes after paying claim; counsel must preserve subrogation rights and avoid releases that eliminate insurer's subrogation
Enterprise Risk Management & Renewal
Reference topics — deep-dive primers coming soon
- ERM framework: Enterprise risk management — identify, assess, prioritize, and mitigate risks across the organization; legal counsel's role is legal risk owner and key risk committee participant
- Risk register: Maintain a living inventory of material legal and operational risks; feeds into D&O/securities disclosure and insurance program design
- Renewal cycle: Begin renewal process 90–120 days before expiration; compile loss runs, financials, and risk improvement narrative for underwriters
- Broker relationship: The broker works for the policyholder, not the insurer; leverage the broker's market access and advocacy; evaluate broker annually
- Benchmarking: Compare your program structure and limits to peer companies (same sector, size, risk profile); brokers can provide data
- Captive insurance: Large companies may self-insure certain risks through captive subsidiaries; tax efficiency, control, and long-term cost savings — but requires sophistication and capitalization
- Post-claim program review: After any significant claim, conduct a post-mortem: did coverage respond as expected? Were there gaps? What changes are needed at renewal?
- RWI in M&A: Representations and warranties insurance — typically buy-side policy covering seller's rep breaches; underwriting process is detailed; exclusions (known breaches, fraud) must be carefully negotiated
Recommended Resources
- IRMI (International Risk Management Institute) — reference library for insurance professionals
- Clausen Miller — D&O and Coverage Litigation Updates
- Directors and Officers Liability — Tom Baker & Sean Griffith
- Marsh — Risk in Context (corporate insurance market updates)
- Chubb Management Liability Resources
- DRI Annual Meeting — Insurance Coverage Track (CLE)