Employers need to ensure that their suite of insurance policies covers risks which may arise from flexible work arrangements.
Working from home is certainly becoming more common and many employees do so on a regular or ad hoc basis. While employers generally are updating their employment policies and manuals to accommodate this shift in the way we work, their insurance policies are getting left behind, and leaving them exposed. In this article we'll set out the key risks which may arise while an employee is working flexibly: injury to the employee, injury to a third party, property loss or damage and cyber risk.
Flexible work arrangements - who has the right to them?
Fair work legislation allows employees who have been with the same employer for 12 months to request flexible working arrangements if they meet one of the following criteria:
- they are a carer;
- they are 55 or over;
- they have a disability;
- they are a parent or are responsible for the care of a child who is of school age or younger; or
- they are experiencing family violence or are caring for a family member who is experiencing family violence.
Employers are increasingly offering flexible working arrangements to all employees, not just those who fall into the categories specified in the fair work legislation, caused by a greater desire for work/life balance, advances in technology which make it possible for more employees to work from remote locations, and a desire to retain valued staff.
Injury to the employee
While employers are required to have workers' compensation insurance in place, the level of coverage may need to be adjusted to take into account the number of employees working from home and the type of work they are performing. Bear in mind that psychological injuries are also encompassed within compulsory workers' compensation schemes and this must be taken into account when considering coverage.
Injury to a third party
If customers or clients are meeting with employees outside of the place of business, whether that be in their own homes or elsewhere, employers must be certain their public liability insurance extends to cover liabilities which arise from these locations.
Property loss or damage
General property insurance will, as a general rule, cover the tangible property of the business wherever it is located. However, it will not normally cover the property of an employee, such as personal mobile phones, tablets or laptops, even where that property is used in the course of their employment. While employees may have personal insurance to cover loss or damage to tangible items of property, the greatest risk lies with loss or damage to intangible property, particularly electronic data, which brings us to the emerging area of cyber risk.
Cyber risks come in various forms. Data breaches or destruction of data can occur as a consequence of hacking and malicious code or by inadvertent mistake, such as leaving a device unsecured so it can be accessed by unauthorised third parties. Denial of service attacks, which overwhelm a computer system by sending an excessive amount of data to the system and preventing access to it, pose another risk.
Most general property insurance policies and general liability policies expressly exclude cover for electronic data and a growing market has emerged for cyber insurance policies to fill this gap. Cyber risk policies generally include cover for, among other things:
- the insured's liability to third parties for breach of privacy, contamination of data belonging to a third party and destruction or corruption of data due to a breach of data security;
- first-party losses sustained by the insured such as fees related to forensic services, public relations experts and lawyers to assist the insured to address the cyber issue;
- first-party losses incurred in restoring, recreating or recollecting electronic data, if such data has been lost and is salvageable; and
- business interruption losses.
Prior to underwriting a cyber insurance policy, insurers will usually review the security technology, compliance measures, policies and protocols a company has in place for protecting confidential data and maintaining the integrity of computer systems. Employers who have a flexible workforce must ensure that they have appropriate security measures in place to account for the increased risk where employees are accessing company computer and information technology systems externally through unsecured networks or on personal devices. Employers will also need to check with their broker or insurer that any cyber policy in place extends to cover loss and liabilities which will arise because of the use of personal devices to access a centralised computer operating system..
What you should do to cover off the risk of flexible working
Employers should review their insurance policies to confirm that those currently in place are adequate to cover employees who work flexibly and/or remotely. Consideration of the policy wordings in your workers' compensation, public liability, property and cyber risk policies is required to ensure that the scope and level of coverage is suitable for a flexible workplace and will respond to cover emerging risks.