Many directors signed up for a world where board‑level risk meant financial reporting, classic governance failures and the occasional securities lawsuit. That world is gone. As Janik LaChance, HUB International’s chief marketing officer for Quebec, put it during the firm’s 2026 outlook webinar, “The executive and board risk landscape has just completely changed over the last couple of years… and it’s become way more complex.”
Today, a chair can wake up to a data breach in Europe, a whistleblower alleging culture failures on social media and a geopolitical flare-up that strands employees in a foreign city – all in the same week. Traditional playbooks are not built for that.
“We’re past just… securities litigation,” LaChance said. “Regulatory enforcement has really ramped up significantly across cybersecurity, data privacy, and environmental disclosures.” The hot spots now include AI governance errors, workforce‑culture failures and ESG-related missteps.
“Think about data breaches and workforce culture failures or AI governance mistakes,” she added. “These are issues that have become the norm and appear on a regular basis, and they’re not just outlier scenarios anymore.”
She said that geopolitical instability has introduced a new category of exposure that many directors would not have contemplated when they first accepted a board role. At the same time, she noted, social media has dramatically accelerated how quickly reputational crises unfold, often outpacing traditional board decision-making processes.
Yet despite this, there’s still a tendency for some boards to view these as management issues and not necessarily board-level decisions, she said.
“In reality, it really is strategic risk that requires directors to engage directly and not just receive an update or report on something.”
LaChance’s prescription is deceptively simple: start by assessing whether the board actually has the expertise to oversee the risks it faces.
“The organizations handling these well are deliberately strengthening their board… bringing in real experts on cyber, on regulatory complexity, on environmental risk,” she said. Where it is not feasible to seat all that expertise permanently, they bring in “advisors who can explain this to the people in the room.”
A structured fluency audit maps current directors’ skills and experience against the organization’s real exposures: cyber and data privacy, AI, climate and environmental disclosure, geopolitical footprint, and workforce practices. The gaps that surface are not a criticism of incumbents; they are a roadmap for board renewal and targeted advice.
Crucially, that audit should be repeated periodically. Complex risk is not static, and neither should the board’s capabilities be.
The second pillar is how boards think about insurance. In LaChance’s view, treating each policy as a standalone purchase is itself a governance weakness.
“EPLI, D&O, fiduciary liability… all of these are products that you can’t just buy separately,” she argued. “You need to think about them as pieces of an integrated executive risk strategy that you constantly recalibrate every year.”
That recalibration is increasingly being driven by scenario analysis. Clients are scrutinizing their policy terms more because they understand them better, LaChance said.
She said that boards are now modelling event-driven litigation, asking how potential scenarios could affect the organization and how existing insurance coverage would respond. She emphasized that this analysis needs to happen proactively, before any incident occurs.
Seen through that lens, D&O, EPLI, fiduciary, cyber and kidnap‑and‑ransom are not separate pots of protection. They are a single, interlocking response mechanism to complex crises that rarely respect product boundaries.
The payoff from this work is not just better protection for individual directors. Strong governance and the right coverage don’t just protect the leaders; they protect the organization’s ability to make confident decisions under pressure, LaChance said.
“When directors actually understand the exposures, they trust their governance structure and framework, and they know that their coverage is going to respond to the risk of today, they just govern better. They ask the hard questions, they make tougher calls because they have that confidence in place.”
