Insurance implications of ASIC’s 2025 priorities

From cyber threats to governance failures, volatility and climate disclosures: The insurance implications of ASIC’s 2025 priorities

ASIC’s regulatory priorities for 2025 highlight critical risks affecting businesses across Australia. From cyber threats to governance failures and financial misconduct, these areas of focus have direct implications for risk management and the role of insurance in mitigating exposure.

Companies will need to reassess their coverage, including directors’ and officers’ (D&O) liability, cyber insurance, professional indemnity and business interruption policies, to ensure they are adequately protected. With ASIC intensifying its scrutiny, businesses should work closely with their brokers and insurers to align their risk strategies and insurance policy coverage with evolving regulatory expectations.

Changing dynamics between public and private markets

ASIC’s increased surveillance of private markets underscores the need for businesses to ensure transparency and robust governance, particularly in areas like asset valuation and liquidity management. Companies managing investment funds or participating in private equity deals should anticipate greater regulatory scrutiny. Insurers will likely apply heightened focus on underwriting risks associated with misrepresentation, misleading financial disclosures and governance failures. Businesses are encouraged to review their D&O and professional indemnity insurance policies to ensure they have appropriate coverage for regulatory investigations and potential legal claims arising from compliance breaches, which is not always the case.

Superannuation members being let down by their fund and trustee

With $750 billion expected to shift from the accumulation phase to the retirement phase over the next decade, superannuation trustees are facing heightened scrutiny over member services. ASIC’s focus on service quality, complaints handling and fund governance increases the liability exposure of super fund trustees and executives.

It would be prudent for trustees and fund managers to ensure their professional indemnity insurance policies cover enforcement actions and class actions arising from a wide range of alleged service failures, which again is often not the case.

Consumer losses through fraud and scams

The increasing sophistication of financial fraud, including cryptocurrency scams and deepfake impersonations, presents significant risk exposure for financial institutions, payment processors and digital platforms. Businesses involved in financial transactions should assess their cyber insurance and crime insurance policies to ensure they cover fraudulent transactions, social engineering scams and regulatory fines related to data breaches. The interaction between these two policies also needs to be carefully examined. Cryptocurrency policy exclusions should also be avoided.

It would be beneficial for businesses to proactively continuing to strengthen their cybersecurity frameworks to meet the requirements and expectations of insurers and to remain compliant with regulatory expectations.

Unsuitable superannuation advice resulting in adverse consumer outcomes

ASIC’s crackdown on misleading or high-risk superannuation advice means financial advisors and investment advisers must ensure they operate with transparency and compliance. The growing trend of high-risk investment recommendations within superannuation structures could lead to increased complaints and/or claims under professional indemnity policies.

Advisory firms might consider reviewing their professional indemnity insurance to confirm they are adequately covered for misrepresentation claims, regulatory investigations and enforcement actions.

Cyber-attacks, data breaches, and internal system failures

With businesses increasingly reliant on digital infrastructure, ASIC’s focus on cyber resilience highlights the growing exposure to financial and reputational damage from cyber incidents. Directors are expected to take a proactive role in ensuring their organisations have robust cybersecurity measures in place.

It is important for businesses to ensure their cyber insurance policies provide comprehensive coverage, including for regulatory fines, legal costs, and business interruption, as it remains a critical tool for mitigating financial losses from attacks. Businesses may also wish to discuss with their brokers and insurers cyber incident response protocols under the policy and how these align with the their own internal incident response procedures and service providers.

Poor quality climate-related financial disclosures leading to misinformed investment decisions

ASIC’s scrutiny of climate-related financial disclosures means businesses will need to ensure compliance with new reporting standards to avoid regulatory penalties and investor lawsuits. Misleading sustainability claims - often referred to as greenwashing - are becoming a major liability risk.

Companies are encouraged to review their D&O and professional indemnity policies to ensure there is cover for regulatory investigations and shareholder actions related to climate disclosures. Insurers are expected to tighten their stance on Environmental, Social and Governance risks, meaning businesses will need to demonstrate robust governance and reporting frameworks to maintain favourable insurance terms.

Conclusion

ASIC’s regulatory priorities for 2025 present both challenges and opportunities for businesses. It is important for businesses to ensure they have robust risk management frameworks in place and the right insurance coverage to protect against regulatory actions, litigation, and financial losses as compliance expectations rise. Whether addressing cyber threats, market volatility, governance failures or climate disclosures, the evolving regulatory landscape underscores the need for businesses to proactively engage with their insurance brokers and risk advisors to stay ahead of emerging risks and ensure adequate protection in an increasingly complex environment.

By aligning risk management strategies with ASIC’s focus areas, businesses can safeguard their operations, enhance resilience and maintain stakeholder confidence in a changing regulatory landscape.