Cyber Exclusions in Management Liability Leave SMEs Vulnerable

Cyber exclusions in management liability policies have left small and medium-sized enterprises (SMEs) in Australia and New Zealand exposed to rising cyber-triggered claims against company directors. Pacific Indemnity Underwriting Solutions has introduced affirmative cyber language in its management liability product, addressing a significant coverage gap. Traditionally, many policies have excluded cyber exposure, pushing it into separate policies that smaller businesses often do not purchase. This has resulted in a lack of coverage for cyber events that could trigger director liability. The National Cyber Security Centre reported that direct financial losses from cyber incidents in New Zealand reached $26.9 million in 2024/25, with 53% of SMEs experiencing a cyber threat in early 2025. In Australia, the average cost of cybercrime for small businesses rose to $56,600, indicating a growing trend of cyber threats. The rise in business email compromise and phishing attacks highlights the urgent need for better coverage and awareness among SMEs.

Key Points: • Cyber exclusions in management liability policies leave SMEs vulnerable to claims. • Pacific Indemnity has introduced affirmative cyber language to address coverage gaps. • 53% of New Zealand SMEs faced cyber threats in early 2025, with rising financial losses.