The Expanding Cyber & D&O Risk Landscape in 2026

As we move through 2026, the risk environment across Specialty Lines continues to evolve at pace. Our latest report, developed in collaboration with our claims specialists and legal panel, highlights how cyber, governance and regulatory exposures are becoming increasingly interconnected.

Cyber: It’s No Longer Just an IT Risk

Cyber threats remain a primary concern - but the more significant issue now lies in the ripple effects of cyber events.

We are seeing:

• Business interruption extending well beyond initial system compromise

• Third-party liability exposures following supply chain disruption

• Regulatory scrutiny following data incidents

• Reputational damage driving shareholder and stakeholder action
  

The consequence? Cyber incidents are increasingly triggering claims across multiple policies - including D&O, Professional Indemnity and Crime.

Directors & Officers: Expanding Accountability

Directors are facing heightened scrutiny from regulators, investors and stakeholders.

Key emerging pressure points include:

• AI adoption and governance oversight

• ESG disclosures and greenwashing allegations

• Cyber preparedness at board level

• Increased regulatory enforcement activity

The standard of governance expected of boards continues to rise - and D&O claims activity reflects this shift.

What This Means for Organisations

Cyber resilience and board governance are no longer separate conversations. They must be aligned.

For many businesses, this means:

• Reviewing policy structures for unintended gaps

• Stress-testing cyber response plans

• Assessing D&O limits in light of regulatory exposure

• Ensuring clear documentation of board oversight around AI and ESG

Strategic resilience in 2026 requires joined-up thinking across policies and leadership teams.