The management liability market remains competitive as rates have decreased and broader coverage is being offered.
There are 4 main trends:
- Insolvencies and the effects of a sustained higher interest rate environment
- Employment law changes
- Cyber risk
- Increasing regulatory landscape including action taken by the Australian Tax office
Insolvencies
There have been a significant number of insolvencies in 2024 at the SME level. The industries worst affected include construction, retail, professional, scientific and technical services and manufacturing.
As record numbers of insolvencies drive increased action against board directors, insurers are attempting to reduce their exposure to losses by applying insolvency and financial mismanagement exclusions on D&O policies. When these exclusions are applied, boards and individual directors and officers can be left exposed to potential claims which is a major concern.
Insurers are also exercising more caution in respect to their underwriting methodologies, with many reluctant to remove insolvency exclusions in the absence of evidence to demonstrate healthy balance sheets and regular cash flow. It is likely that this tightening of underwriting criteria will remain for the near future, especially when considering the current economic climate and high-interest rate environment.
Employment practices liability
Following recent changes to the Sex Discrimination Act 1984 (SDA) in April 2024, insurers expect increasing frequency and overall quantum of claims made in respect of workplace discrimination.
The Respect@Work amendments, which introduced a prohibition on sex-based harassment in all areas of public life, expanded who is protected by the SDA, and clarified that civil action for unlawful discrimination can be brought on the basis of victimisation. New legislative developments may lead to further qualifying questions by insurers.
The implementation of the ‘right to disconnect’ provisions, which were introduced for non-small business employers from August 26th 2024, require employers to be mindful of the right of their employees to refuse to read or respond to work contact outside of working hours, unless doing so is unreasonable. A non-small business refers to those employers with 15 or more employees at a time. The right to disconnect provisions will not apply to small business employers till 26th August 2025. See further details in our article here.
Under the provisions, contact refers to communication between the employer and the employee, such as emails, calls, and texts. When determining whether an employee’s refusal to respond to work contact is unreasonable, factors such as the reason for the contact and the employee’s role within the business are to be considered. Where disputes regarding an employee’s right to disconnect arise and cannot be resolved within the workplace, the Fair Work Commission may make orders or deal with the dispute in other ways.
Read more about the right to disconnect here.
Cyber attacks
The issues arising from cyber-crime continue to prompt legislative reform and cause insurers to further scrutinise the cyber resilience of businesses.
The new Cyber Security Act introduces a range of new measures and obligations aimed at bolstering protection against emerging cyber threats. One of the most consequential changes is the implementation of mandatory reporting of ransomware payments to the Government for businesses with a turnover exceeding $3M, with fines of up to $15,000 applicable for a failure to report. See our detailed article explaining these developments here.
In order to capitalise on what are otherwise soft market conditions, insureds are increasingly being required to demonstrate they have comprehensive cyber risk management procedures such as business response and continuity plans as well as basic encryption and endpoint protection.
Businesses with high numbers of personally identifiable information (PII) records must especially ensure they develop and maintain adequate cyber resilience to avoid paying exorbitant premiums.
Our full cyber market update can be viewed here.
Statutory liability
A key focus of the Federal Government has been on improving privacy security. The Senate recently passed the Privacy and Other Legislation Amendment Bill 2024 (Cth) on 28 November to introduce reforms for the Privacy Act 1988 (Cth).
These include the provision that serious invasions of privacy can now be a cause of action in tort, as well as clarifying that ‘reasonable steps’ for safeguarding personal information includes the implementation of ‘technical and organisational measures’. Furthermore, the Act introduces criminal penalties for malicious release of personal data online (doxing), and the requirement that the use of automated decision-making processes are referred to within an entity’s privacy policy.
There are civil penalties for a non-serious privacy breach of up to 2,000 penalty units ($660,000) for individuals, and 10,000 penalty units for entities ($3,300,000). The OAIC also has the ability to issue fines for less serious breaches of up to 200 penalty units ($62,600).
Insured’s must be mindful of their potential liability with respect to future claims arising from these new reforms. See our in-depth article on these changes here.
Crime
Employee theft and fraud continues to be a growing issue in Australia per the latest ACFE Report to the Nations 2024, with an estimated annual growth of up to 5 per cent.
The most common form of employee fraud is asset misappropriation, such as misuse of company assets or theft of cash. The report also found that corruption is common where employees may have vendor management responsibilities.
Where businesses experience employee fraud or corruption such as this, insurers heavily scrutinise internal controls and whether awareness training was provided to staff to facilitate the ‘whistle blowing’ or reporting of any instances which come to their attention. It is therefore important to ensure that adequate controls are put in place before a loss is experienced.
Other key factors that underwriters will consider include employee count, asset growth, and loss history.
Insurers and online transacting
We caution that the cover offered by some of the newer entrants to the insurance market is limited by broad exclusions and detractive endorsements.
Over-reliance on using online transacting systems by such entrants when navigating complex risks is resulting in coverage being placed which inadequately describes the nature of your business activities and exposures. Where discrepancies exist between a policyholder’s actual business activities and those stated on the policy schedule, there is an inherent risk that they will not be covered, or cover will be significantly reduced in the event of a claim.
For further advice on optimising your management liability coverage amid evolving regulatory requirements, speak to a Bellrock Advisor.
Continue reading our full range of market updates:
- Insurance Market Overview
- Property
- Commercial General Liability
- Motor
- Contractors Plant & Equipment
- Strata
- Claims
- Workplace Risk
- Executive & Professional Risk
- Construction