The Professional Indemnity (PI) market continues to perform at varying rates, depending on occupation and industry type.
A significant portion of the market classified as “Miscellaneous” professionals saw flat or decreased pricing as Australian insurers compete for market share. Miscellaneous professionals are services outside traditional professions such as Lawyers, Accountants, Financial Planners, Engineers, Architects, and IT.
Whilst these professionals do have exposure to Professional Indemnity claims, their low frequency and severity makes them attractive to insurers. Additionally, the cover and limits are often driven by contractual requirements which might not reflect the insured’s risk, another reason why this area performs well from an insurer’s perspective.
Whilst the traditional professional services mentioned above are experiencing improved buying driven by intensifying competition, the growing volume of litigation, broader definitions of liability accompanied by more plaintiff-friendly legal decisions, and larger compensatory jury awards are all forcing insurers to pass on higher costs to policyholders. Notwithstanding this, policyholders with a positive claims history and strong internal protocols will be viewed more favourably by insurers and have the luxury of optionality and competitive pricing, relative to their industry peers.
As corporate Australia's approach to cyber security continues to improve, insurer sentiment is also more favourable and the product is starting to attract greater capacity.
Policyholders meeting the “ACSC Essential 8” and ISO27001 certification are considered best-in-class amongst insurers and are being rewarded with flat or reduced pricing. Meanwhile,
companies still on their way to an improved cyber security posture are being cautiously underwritten.
Companies with a high volume of Personally Identifiable Information (PII) are extremely attractive to cyber-criminals and continue to be the target of ransom attacks. Whilst Optus and Medibank made media headlines in 2022, in 2023 it is ASX-listed Latitude Financial experiencing a similar fate, with over 14 million customers exposed in a recent data breach.
Law firms Gordon Legal and Hayden Stephens and Associates have announced they will investigate a potential legal action against Latitude over the breach. This follows two class actions being brought against Medibank, filed in February and March 2023 for their breach.
With Professional Indemnity (PI) insurers introducing cyber exclusions to their policies in recent years, it is the Cyber Liability policies which will be relied upon to defend and settle third-party privacy liability claims made against policyholders. Accompanied by regulatory fines and penalties which may be imposed, it will be interesting to see how both matters evolve and the potential impact to insurers from these emerging third-party liability lawsuits.
Rates in the D&O market have continued on a downwards trajectory, following a trend reversal in late-2022. This was mainly driven by an increase in insurer appetite and capacity out of London, which forced Australian markets to follow suit. After five years of hardening market rates, insurers are now offering renewal terms at “expiring” or reduced rates to defend their market share from new entrants.
As economic conditions worsen, companies and their directors face the risk of insolvency. Depending on the circumstances which give rise to a company’s insolvency, a director may be held personally liable for the debts incurred. As a result, insurers have taken a cautious approach to industries with greater exposer to raw materials and inflationary pressures (such as construction and manufacturing), with many applying insolvency exclusions until they have satisfactorily reviewed company financials.
Despite rates softening, the D&O market has seen several claim trends emerge. One of the most notable developments is the growing focus on cyber risk. As companies become more reliant on technology, they also become more vulnerable to cyber-attacks. While directors are not expected to know the technical ins and outs of their systems, they must be able to properly govern privacy and cyber-security risks. We expect to see cyber securities class action lawsuits being launched which will expose Directors and Officers and these liabilities will need to be adequately insured under D&O programmes.