Newsletters
Risk Central
Digital Edition3 Things Risk Professionals Are Getting Wrong About D&O Reputation Risk
I think about reputation risk a great deal. Obsessively, one might say—though in fairness, when you spend your career watching boards and executives discover the concept the hard way, patterns do emerge.
Stakeholder reactions are not acts of God
Between an adverse event and its financially consequential stakeholder reaction, there is a gap—one filled not by physics but by human judgment. Stakeholders choose whether to boycott, quit, strike, sell, debank, fine, deny operating permits, or mount a D&O humiliation campaign. They may choose poorly. They may choose irrationally. But they do choose, which means the gap is an invitation to manage reputation risk; and a gap’s extended duration is the benefit of preemptive reputation risk management. The bottom line: reputation risk is manageable rather than merely meteorological.
This matters enormously to risk professionals. Risks that can be anticipated, measured, and governed can also be financed and transferred. The insurance industry has been transferring actuarially quantifiable risks since Lloyd’s was a coffee house. With the benefit of parametric technology, D&O reputation risk now clears that bar.
D&O liability insurance does not cover D&O reputation risk
Most risk managers are comfortable with the D&O liability framework—the one built to address legal liability and the coercive power of litigation. That infrastructure is mature, well-priced, and adequate for what it covers.
It does not cover what is increasingly happening. Investor activists, social campaigners, litigators, and political actors now target directors and officers individually and by name, using public pressure and social media to inflict reputational harm regardless of legal outcome. Career damage, lost board seats and personal embarrassment are the tools; no lawsuit required.
Evidence of the shift is not subtle. Internet references coupling “incompetent” with boards of directors have doubled in five years. Crude personal attacks on executives—literally, “jerk” and even more unsavory epithets, have surged by factors of eleven to sixteen times. Internet searches for “corporate governance risk” and “reputation insurance” each rose more than 2,000% in eighteen months. These are not random fluctuations.
The governance failures alleged in most major D&O liability claims—the board decided wrong—have acquired a nastier companion claim: the board couldn’t help itself. Personal culpability, asserted loudly and publicly, is now a governance risk in its own right, and it sits outside the coverage perimeter of conventional D&O insurance.
Boards that ignore this face a compounding exposure
Leading firms have responded with recognizable risk-management tools: board-level reputation committees (HSBC, Volkswagen, AstraZeneca, UnitedHealth Group), reputation metrics embedded in enterprise risk frameworks (per Heidrick & Struggles), and purpose-built D&O reputation insurance covering personal losses—what the product literature calls “professional disability.”
In 2025, both the American Law Institute and the Directors and Chief Risk Officers Risk Governance Institute began recommending reputation insurance. When governance bodies recommend a coverage category, the subtext for brokers and risk managers is clear: the absence of that coverage will eventually be noticed, and not favorably.
A board that has neither governed its reputation risk nor transferred it has a plausible negligence story forming against it—in the court of public opinion first, and potentially thereafter in courts of a more formal variety. For risk professionals, the practical question is not whether this exposure exists. It is whether the risk management and insurance program currently addresses it.
