The Directors’ and Officers’ (D&O) insurance market for Australian policyholders experienced a period of positive transition in 2025, supported by sustained capacity from both local insurers and Lloyd’s markets.
Premium reductions of 15 to 40 per cent were commonplace, depending on industry sector, individual company performance and risk profiles. These market dynamics have been welcomed by businesses navigating a difficult economic climate marked by persistent inflation and rising interest rates, both of which have put pressure on financial results. Due to elevated claims activity and increased insolvencies, the construction, food and beverage, healthcare, and technology sectors have experienced higher D&O rates.
Moving into 2026, the D&O landscape is likely to experience change in market conditions given increased regulation, rising litigation, and scrutiny from the Australian Competition & Consumer Commission (ACCC) and Australian Securities and Investments Commission (ASIC) which is prevalent, especially in the areas of cyber, privacy, class actions and greenwashing.
Whilst 2025 was the year to obtain broader coverage and achieve premium reductions with alternate markets, caution is advised going into 2026 regarding new market entrants whose approach to claims remain untested and who appear focused on profitability amid volatile equity markets and increasingly complex disclosure requirements.
In 2026 it is expected that there will be movement away from Shareholder Class Action (SCA) filings and instead towards Shareholder Derivative Action (SDA) claims in respect to governance and compliance issues, as shareholders and funders have increasingly faced challenges in transforming liability findings into compensable damages. With increased SDA claims, we can expect to see increased claims frequency and severity, rising defence costs, pressure on loss ratios and reserving, reduced underwriting appetite for certain sectors (e.g. financially distressed companies), and policy structure and coverage implications. Insurers will have heightened focus in 2026 on the governance and financial health of organisations.
The overall risk environment continues to evolve. Although premium reductions remain common, the pace of premium decreases is slowing. ASIC and the ACCC have become more assertive in pursuing companies and boards for regulatory breaches. As a result, the pricing and availability of D&O insurance may be subject to further volatility with upcoming regulatory and litigation risks at the forefront of underwriter’s minds.
Artificial Intelligence
AI has introduced a new wave of innovation, reshaped industries and unlocked unprecedented opportunities for efficiency and growth. Yet these advancements have also brought notable challenges for directors who are on the front line and are seeking to protect themselves and their organisations to ensure compliance, navigate ethical risks, and manage potential corporate liability.
Globally, regulators are rapidly enacting strict AI frameworks to govern the development and deployment of AI systems and there is also heightened regulatory scrutiny of AI washing (where businesses inflate claims about their AI functionality).
The implications for directors and officers are summarised below:
- Regulatory non-compliance
- Financial, legal, and reputational harm
- Algorithmic bias
- Data privacy violations
- Emerging litigation risks.
Insurers are placing greater emphasis on corporate AI governance during underwriting with the key factors affecting premiums and the availability of coverage including:
- The organisation’s history of regulatory compliance.
- The strength of its AI oversight mechanisms, including auditing procedures and accountability frameworks.
- The use of high-risk AI systems in sensitive sectors such as healthcare or finance.
To effectively manage the risks linked to AI, directors and officers should take proactive steps that encompass compliance, governance, and ethical oversight in order to position themselves for success. Companies that can demonstrate robust governance practices are more likely to obtain favorable underwriting terms and lower premiums.
We reported on new guidelines published by the Australian Cyber Security Centre to assist businesses engage with AI here.
Cyber and privacy risk
The Australian Government introduced its first standalone cyber security legislation, with the purpose of enhancing the security and resilience of Australia’s cyber environment and critical infrastructure and addressing the proposals set out in the 2023 – 2030 Cyber Security Strategy. In May 2025, the Australian Government introduced a mandatory ransomware reporting regime for businesses with turnover of $3M or more, and for entities responsible for Critical Infrastructure (for more information see our article here).
Cyber related attacks have surged, and this is expected to continue into 2026, heightening the risks for D&Os especially within the healthcare, education, logistics and transport, government, critical infrastructure and professional services sectors. The number of cyber threats affecting the construction industry also continues to grow. Common threats range from phishing attacks, ransomware attacks, data breaches, or unauthorised access to critical systems.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recently released a practical guide for cyber security priorities for boards of directors 2025-26 which can be accessed here. During FY2024–25, ASD’s ACSC notified entities more than 1,700 times of potentially malicious cyber activity – an 83 per cent increase from last year. We released our analysis of the ASD’s Cyber Threat Report here.
Changes to the privacy act were also implemented in 2025. Some of the changes introduced include – a new statutory tort for serious invasions of privacy, enhanced regulatory powers for the Office of the Australian Information Commissioner (OAIC) and targeted criminal offences to respond to doxing. These changes mean we have seen a new set of exposures following data breach events, as most recently outlined in the investigation into Vinomofo Pty Ltd by the OAIC. In this case the Privacy Commissioner concluded that the online wine wholesaler breached its obligations under Australian Privacy Principle 11.1 by failing to implement reasonable security controls which were recommended in a previously conducted security audit.
One of ASICs 2025 enforcement priorities was to pursue AFSL holders failing to have adequate cyber security protections following the RI Advice Case. This extends to oversight by AFSL holders of the cyber security controls maintained by their CARs. There were two enforcement actions taken by ASIC in 2025 towards AFSL holders: FIIG securities and Fortnum Private Wealth Limited.
Many cyber incidents remain preventable through the adoption of basic cyber hygiene practices. The ASD recommends several mitigation strategies with the most effective of these mitigation strategies being the Essential Eight: patch applications, patch operating systems, multi-factor authentication, restrict administrative privileges, application control, restrict Microsoft Office macros, user application hardening and regular backups. Understanding cyber trends and implementing effective protections are essential steps for businesses aiming to navigate the complex cyber threat environment and ensure long-term resilience. See our article here.
Shareholder Class Actions (SCA) and Shareholder Derivative Actions (SDA)
SCA filings have been declining, and it is expected that in 2026 we will see further movement away from these types of filings as shareholders and funders are increasingly struggling to transform liability findings into recoverable compensation as a result of causation and inflationary pressures.
On 7 May 2025, the Full Federal Court delivered its appeal judgment in the Commonwealth Bank of Australia (CBA) case “Zonia Holdings Pty Ltd v Commonwealth Bank of Australia Limited [2025] FCAFC 63.” This case primarily concerned alleged breaches of continuous disclosure obligations and misleading or deceptive conduct against CBA in respect of an alleged failure to keep shareholders properly informed regarding its non-compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act).
While the finding was that CBA had breached continuous disclosure obligations, the court ultimately dismissed the appeal. This was because the claimants were unable to prove relevant awareness of a potential exposure to the Australian Transaction Reports and Analysis Centre (AUSTRAC) enforcement action, thus, failing to establish causation and loss. Despite this, the case has now been remitted for management of the outstanding claims, leaving room for continued litigation on narrower points.
This recent decline in SCA filings does not indicate a corresponding decrease in overall risk, however. Consumer, financial product and employment class action claims are rising and headlining new filings, with class actions against financial services providers, including banks and insurance companies, remaining a significant area of concern.
A surge in SDA claims is potentially anticipated in 2026. This is following a leave application filed in July 2025 by a SkyCity Entertainment (SkyCity) shareholder to commence statutory derivative proceedings in the NSW Supreme Court, which is expected to be determined shortly. The action targets several former D&Os of SkyCity and stems from AUSTRAC’s 2023 enforcement action alleging breaches of anti-money-laundering and counter-terrorism-financing (AML/CTF) obligations. The claim seeks more than $70 million in compensation.
It is expected that insurers may soon turn their focus to high-risk policyholders by offering reduced derivative action cover and smaller sub-limits. This is owing to increased risk exposure for derivative actions in Australia for D&Os of companies that have faced prosecution by ASIC, ACCC, Australian Prudential Regulation Authority (APRA) and AUSTRAC.
Side C action risk still remains a significant factor for publicly traded companies in Australia. Boards must turn their minds to exposures such as litigation and potentially large-scale D&O losses related to misleading or deceptive conduct or breaches of directors’ duties. Given the increased regulatory scrutiny and upcoming developments in the data privacy and climate change landscape, there will be an enhanced focus on greenwashing and climate related disclosures by organisations.
ESG Disclosures
Environmental Social and Governance (ESG) activism will continue to grow in 2026 following the phased introduction of mandatory climate related financial disclosures implemented in 2025 for many publicly listed companies.
ASIC recently released Regulatory Guide 280, providing guidance for entities that are required to prepare and lodge sustainability reports under the new provisions within Chapter 2M of the Corporations Act 2001 (the Act). Reporting entities must now prepare a sustainability report for each financial year including climate statements and directors’ declarations regarding the same. Entities must then have their report audited and obtain the requisite auditor’s report. These new requirements were released in conjunction with the Australian Accounting Standards Boards (AASB) S1 and S2 (September 2024) which sets out both the general requirements for disclosures, alongside mandatory Australian Sustainability Reporting Standards (ASRS).
Consequently, as we move into 2026, board members will increasingly be held accountable to uphold companies’ commitments to environmental and social initiatives by regulators, shareholders and the general public. ASIC and the ACCC have escalated their enforcement warnings regarding misleading or incomplete climate and ESG disclosures. Greenwashing is at the forefront of their minds, with the court outcomes in Mercer and Vanguard setting important precedents.
ESG is now regarded as a material financial risk factor and strategic priority by insurers with high regard given to climate vulnerability, corporate governance and supply chain practices. These practices ultimately affect a companies’ ability to have long-term profitability and remain solvent. There is limited appetite in the market for carbon intensive businesses, with better rates given to those with low-carbon operations in the green infrastructure space.
Sustainability reporting standards will further exacerbate climate change litigation and subsequent D&O losses for non-compliant companies. We expect to see an increase in claims made against companies, and in some cases against directors and officers directly, seeking damages for non-disclosure and or misleading sustainability and deceptive conduct in reporting or marketing sustainability.
Insurers will continue to look favourably towards those businesses with strong disclosures, risk oversight practices, ethics, transparency and board diversity. For further information on reporting thresholds and the consequential risk advisory and insurance considerations to be taken into account, see our recent article here.
Director Penalty Notice’s and insolvencies
Directors must ensure their company complies with all tax and superannuation requirements. In recent years, the Australian Taxation Office (ATO) has substantially increased its debt-recovery efforts targeting company directors. If a company fails to pay specific liabilities, the ATO may issue a Director Penalty Notice (DPN) making directors (current and former) personally liable for the outstanding amounts, disclose business tax debts to credit reporting bureaus or issue garnishee notices.
Collectable debt has grown from $26.5B as at 30 June 2019 to over $50B at 30 June 2025.1 The jump from 26,702 DPNs issued in FY2023-24 to 84,000 issued in FY2024-25 to approximately 64,000 companies demonstrates the recent firm approach by the ATO to enforcement. Additionally, in the 2024-25 financial year 24,000 business debts were disclosed by the ATO to credit reporting bureaus and over 15,000 garnishee notices were issued.
Given that company debts are often large, any personal liability for company debts can often bankrupt directors. This has resulted in a record number of insolvencies recorded across small to medium-sized enterprises (SMEs), with many forced into voluntary administration, liquidation or restructuring. It is expected that levels of insolvency are likely to rise further as businesses look at their financial position and viability going into 2026. ATO debt recovery practices combined with rising operation costs and increased wages despite ongoing labour shortages may force many businesses to close their doors.
For many directors, the personal liability risk has never been higher. With tens of thousands of DPNs issued in a year, the likelihood of being caught out- especially if lodgements or payments are missed – has materially increased. To mitigate the risk of receiving DPNs, directors must have a strong awareness of their company’s reporting systems, financial situation, report their company liabilities on time and ensure all lodgment deadlines are met. This can be done by undertaking early engagement with the ATO to manage payment of company debt. The ATO’s 2025–26 Corporate Plan reinforces that “firmer recovery strategies” will remain a key focus.
Summary
Whilst overall market conditions are favorable and have improved with decelerated premiums and increased capacity, it is unlikely that the current soft market will prevail in 2026 for D&O. Indeed, D&O policies may well be the first product to be affected by the trend towards a hardening market with the catalyst being the potential increasing levels of Shareholder Derivative Actions.
Directors and officers should not be complacent and must plan for future volatility given the increased level of regulation and legal obligations which were introduced in 2025. The increased expectations on directors and officers are not expected to slow in 2026, therefore risk management is of upmost importance. Those focusing on implementing sound ESG practices, cyber security measures, good governance and financial health will be considered in a more favourable light by insurers.
While new insurers may continue to enter the market offering some cost savings, established carriers will maintain stricter underwriting standards and stabilise their rates to avoid potential pitfalls with underpricing. It is unlikely that premiums will continue to decrease at the rapid rates seen in 2025. We consider that the rate of insolvencies and losses likely to materialise as a result may impact appetite here.
Boards must continue to enhance their knowledge and awareness by obtaining the necessary education and support to be equipped for 2026 which is shaping up to be another significant year for directors and officers in Australia.
For further guidance on navigating emerging D&O exposures including cyber, ESG, and AI risks, get in touch with your Bellrock Advisor.
1 Deputy Commissioner Anna Longley’s speech to The Tax Institute Tax Summit
Continue reading our full range of market updates:
- Insurance Market Overview: January 2026
- Claims
- Workers Compensation
- Corporate and Multinational Risk
- Construction, Property and Development
- Financial Lines
