
Director Shield explained, in twelve minutes

Board members carry personal liability for cyber failures. Director Shield is the D&O cyber endorsement designed for that exposure.

Brigitte Vandermeulen, May 10, 2026, 4 min read

A board member of a public company can be sued personally for a cyber incident. This is not a hypothetical. It is the SolarWinds derivative settlements, the T-Mobile follow-on actions, the Caremark line of cases revived for the cyber era. The exposure is real, the precedents are accumulating, and the policies most directors think they have are not the policies they actually need.

Director Shield is our endorsement to the D&O tower. It is a board-level coverage built for one specific risk: personal liability of named directors arising from a cyber failure of the issuer. Not the company's loss, the director's.

The exposure, in two sentences

A director who approves a cyber budget, signs a disclosure, or sits on the audit committee while a cyber incident is in the public record can be named in a derivative suit. The director's personal D&O coverage is the policy that responds; it was written for accounting failures, not for cyber failures, and the gap shows up exactly when the director needs the coverage most.

What goes wrong with stock D&O

Three things, in our reading of fifty D&O tower placements from 2025 to 2026.

First, the side-A coverage for non-indemnifiable loss assumes the corporation cannot indemnify. That is correct for fraud. It is wrong for a cyber failure where the corporation chose not to indemnify, often because the corporation is itself the lead defendant. The director ends up arguing two carriers at once: the corporate D&O and their personal coverage.

Second, the cyber exclusion. Most 2025 D&O policies added one. The wording varies. The intent is the same. If the underlying allegation references "cyber, ransomware, data breach, network compromise, or artificial intelligence system," the carrier reserves the right to deny. We have seen four denials this year on this clause alone.

Third, the duty-to-defend default. D&O is usually duty-to-indemnify. The director pays counsel and then asks for reimbursement. That works for an accounting restatement that takes 18 months. It does not work for a cyber regulatory inquiry that demands a written response in 30 days.


What Director Shield does differently

Three changes. We worked them out with Chubb over six months.

One. The grant is on the director, not the company. We name the insured by role: every elected director of the named organization, plus the Chief Information Security Officer where the bylaws give the CISO board-equivalent reporting. The trigger is a claim against the named individual. The company is not in the chain.

Two. Duty to defend, with panel counsel selectable from a board-approved roster the director helps build at policy inception. The director picks the lawyer at issuance, not in crisis.

Three. A standalone cyber-incident retention. The retention runs against cyber claims only. The director's standard D&O retention is preserved for non-cyber matters. A board member who has one cyber inquiry and one unrelated derivative suit in the same year does not stack retentions.

What it does not do

Director Shield is not the corporation's cyber policy. It will not pay ransom. It will not pay forensic remediation. It will not pay business interruption. Those are AgentShield Pro and Jencap-Bind coverages, depending on segment.

It will pay defense costs, settlements, and indemnity for a named individual sued in their capacity as a director or board-equivalent officer, where the allegation references a cyber failure. That is the entire promise.

Who needs it

We have placed Director Shield for three buyer profiles in the last quarter.

The first is a public-company audit committee chair who already had a $20M D&O tower and added Director Shield as a $5M ring fence. Cost in the low six figures. The chair wanted the duty-to-defend trigger and the standalone retention. Neither was available on the existing tower.

The second is a private-equity sponsor with eleven portfolio company board seats and a one-line cyber budget across the platform. We wrote a master Director Shield policy attaching to all eleven, priced on the consolidated exposure, with side-A limits per portco. Cost per portco was a fraction of writing eleven standalone policies.

The third is an early-stage AI startup whose technical co-founder sits on the board. The co-founder is now personally liable for cyber decisions they make as an officer. The board's D&O tower has the standard cyber carve-out. Director Shield fills the gap. The premium is small, the exposure is everything.

How to bind it

Talk to your wholesale broker about a Director Shield endorsement. We will need the current D&O tower structure, the names of the directors to be covered, and an outline of the company's cyber governance. We return a quote in 72 hours. Binding is a one-page endorsement to the existing tower or, where the existing tower carrier refuses to coordinate, a standalone Director Shield policy on Syba paper.

Boards that read this and do nothing have made a decision. Boards that read this and ask one question of their broker have made a different decision. Both decisions are now in the record.
