Companies, cooperatives, hospitals, foundations, associations and other legal entities in the economy are managed by individuals who are responsible for how they carry out their duties. Holding a management or supervisory position is not only a prestigious position and an opportunity to influence reality, but it also entails numerous duties, great responsibility and high risk.

Under the law, members of management bodies are liable to the entity in which they hold office for damage caused by an act or omission contrary to the law or provisions of the articles of association or the company agreement. The law provides for extensive liability of managers not only towards the entity in which they hold their position, but also towards third parties. Regulations governing the liability of managers are found, inter alia, in the Commercial Companies Code, the Penal Code, the Civil Code, the Bankruptcy Law, the Tax Ordinance, the Cooperative Law, and other numerous legal acts regulating the functioning of individual entities operating in various economic areas.

Directors and Officers liability (D&O) insurance protects the insured against a claim made against them for improper actions arising out of their managerial or supervisory role. In the event of a claim, the policy will first cover the costs of legal defence against the claim and, if the case is settled, it will cover any damages awarded in court or by settlement between the parties. The insurance protects against civil claims, criminal proceedings, administrative proceedings, bankruptcy, payment of public debts, liabilities to creditors, claims for breach of employee rights and others.

Cyber risk insurance has been called the property insurance of the 21st century. Just as it is difficult to imagine a factory that does not insure its assets against fire, it is becoming increasingly difficult to imagine a company operating in the virtual space that does not insure the data it processes, including personal data.

Ransomware, phising, malware, viruses, Trojan horses - these are not all the threats lurking on the money of companies or institutions. There is no perfect security, and in the game with criminals we are always one step behind.

According to specialists from the IT security sector, in order to feel safe, a company's annual expenditure should be at least PLN 2,000,000. PLN 2,000,000. How many companies can afford it?

Purchasing insurance against fire and other fortuitous events does not guarantee avoiding fire. The same applies to CYBER insurance. We do not minimise the risk in this way. However, insurance allows us to transfer the adverse effects of a cyber incident, including financial ones, to the insurer. Thanks to such risk transfer, we have a chance to minimise damages resulting from actual losses and lost profits. In addition, publicised information about a data leak or paralysis of a company caused by a cyber incident can seriously damage a company's reputation and loss of trust.

The EU Data Protection Regulation provides for particularly severe penalties for personal data protection regulations breaches - up to €20,000,000 or 4% of annual total global turnover.

CYBER insurance is a hybrid product, consisting of several segments.

Within the scope of protection offered, we can obtain coverage for the costs of:

• legal defence against third party claims,
• notification of persons whose personal data have been disclosed,
• hiring a PR agency for image rehabilitation and incident management,
• IT specialists:

• • as ongoing support during the incident and afterwards,
  • to regain access to the system,
  • to detect where the data went and how they are being used,
  • ransom for unlocking the system (decryption),
  • administrative penalty imposed on the company,
  • legal service in the proceedings conducted by UODO (Personal Data Protection Office);
  • business interruption:

• • • increased operating costs,
    • lost profit.

Until recently listing a company on the Stock Exchange was perceived as the most attractive form of raising capital. It affected the credibility of the company and its positive image. The development of capital markets reached an unprecedented scale, which meant that commercialisation of companies began to be associated not only with prestige, but also with high risks. When the euphoria fades, investors take a particularly close look at prospectuses for their plans, promises and investments, then compare them with the results obtained.

It happens that the value of shares in relation to the first day of quotation falls by several dozen per cent, and therefore errors in the prospectus, on the basis of which the debut took place, may be the basis for claims for compensation of losses. Cases of this type have already occurred on the Polish market.

What does the protection cover?

The basic scope of the protection includes

• adjudicated damages,
• image repair costs,
• contingency costs,
• costs of audit proceedings,
• costs of preliminary investigations.

The insurance can cover the issue of various types of securities, including non-traded shares or bonds.

Who is covered?

The insured may include the company, company managers, and persons directly responsible for issuing securities and preparing the prospectus. The insurance contract is generally concluded for an insurance period of several years. The insurance can provide cover for both an Initial Public Offering (IPO) and a Secondary Public Offering (SPO).

Public Offering of Securities insurance policy provides comprehensive protection against the financially adverse consequences of claims. The product can be treated as an excellent supplement to D&O insurance for a company that decides to issue securities to the public.

Many entrepreneurs have experienced that in the course of business their companies have been damaged by dishonest practices on the part of their employees. Company assets often become a temptation to improve one's material status. Statistics show that only around a dozen percent of the amounts lost as a result of misappropriation are ever recovered. Such situations can seriously damage the budget of any business. It is worth remembering that even the strictest internal regulations of the employer are not able to provide full security against dishonesty of people from the "inside" of the organisation.

Insurers meet the expectations of companies worried about employee theft by offering an misappropriation risk policy. This product protects businesses from the consequences of employee dishonesty by transferring the risk of negative consequences of employee dishonesty onto the insurance company.

Events, the effects of which may be covered by the policy

• theft of property,
• use of company assets for private purposes,
• forgery,
• computer crime,
• falsification,
• social engineering fraud (impersonation),
• social engineering.

Social engineering

So-called social engineering (socio-technical fraud) is a particularly important insurance coverage. In this respect, the insurance covers situations in which criminals impersonate a manager, for example, and manipulate an employee into granting access or transferring money into accounts that have been falsified. By extending protection in this way, crime policies respond to the growing incidence of fraud by impersonating managers.

Who is the policy for?

The target of the policy may be any company, which in the course of its business is exposed to theft of property, cash or other risks indicated above.

Professional indemnity insurance

Due to the special nature of their business, many companies are exposed to the risk of claims being raised against them arising from the provision of professional services. The insurance market provides protection for such events - professional indemnity insurance.

The basis for claims against companies providing professional services may be:

• breach of an obligation,
• malfunction of a created application, programme, service,
• unintentional violation of privacy, confidentiality, rules of fair competition or personal rights,
• consequences of gross negligence,
• liability for employees or subcontractors,
• damage caused to contractors, clients and subcontractors.

What will the policy cover?

The insurance covers damage caused to third parties in connection with professional activity of the entity insured. The damage may arise from non-performance or improper performance of an obligation.

The insurer covers the costs of defence resulting from a claim based on professional liability, the costs of an adjudged compensation or a settlement concluded by the parties. Additionally, court appearance costs, crisis management costs and PR costs may be covered. It is worth noting that more and more often professional liability policies are required in contracts concluded by the parties to a service provision agreement. At the same time, they are a confirmation of the service provider's reliability and may constitute a competitive advantage.

Who can benefit from professional indemnity insurance?

Many companies can benefit from professional indemnity insurance, but we particularly recommend it for IT companies and financial institutions.

Every year, Poland records from a dozen to several dozen kidnapping attempts motivated by the desire of criminals to obtain a ransom. Most often the targets of attacks are wealthy persons, including company managers, owners of enterprises, as well as their family members. The risk also concerns employees who are sent by companies on business trips abroad, including dangerous places in the world. It is worth bearing in mind that the insurance market offers a kidnap and ransom policy, which can help manage the incident and transfer the cost of the ransom to the insurance company.

Who can be covered?

• company officers, owners and their families,
• employees,
• visitors to company facilities,
• persons directly involved in the negotiation or delivery of the ransom.

What does the policy cover?

• the value of the ransom paid,
• security costs,
• rehabilitation costs,
• remuneration of negotiators,
• reward for an informer,
• costs of crisis management consultants,
• costs of public relations consultants.