JavaScript is required
DOMESTIC BUILDING INSURANCE now managed by the Building and Plumbing Commission
Visit BPC
flipping through documents

How well does insurance cover our risks?

Insurance is only part of a good risk management approach

We live in a VUCA world: Volatile, Uncertain, Complex and Ambiguous.

We’re faced with events that can have devastating consequences, and you don’t have to look far to see recent events in Australia’s news.

For example, the town of Dolphin Sands in Tasmania lost 19 homes in November 2025 to a bushfire. Telecommunications outages disrupted triple-0 calls across Australia. More people are using lithium-ion powered products, increasing the risk of fires. Meanwhile, artificial intelligence promises greater productivity but raises new moral and ethical questions about its potential misuse.

This poses important questions:

  • Have you considered what future incidents could cause harm and financial loss?
  • Do your records show that you’ve thought about risk and identified which risks are insurable?
  • Do your Board and senior leaders have confidence in your risk management framework?
  • Are you investing in the right prevention and response strategies?

In short – is your organisation prepared?

What is "Insurable Risk"?

In the context of public sector organisations, "insurable risk" refers to those risks that can be transferred to an insurer, such as losses arising from property damage, liability claims, or cyber incidents. These are events that are both uncertain and quantifiable, allowing insurers like VMIA to provide cover and financial protection. However, not all risks are insurable—some may be too uncertain, too frequent, or simply outside the scope of what insurance can address, for example reputational damage or coverage for criminal penalties.

Government’s role in managing insurable risk

With increasing pressure on insurance claims driven by factors such as climate change and evolving cyber threats, it’s more important than ever for organisations to understand which risks are insurable and how these fit within their broader risk management strategies.

There’s an expectation for organisations within the Victorian Government to “Work towards minimising exposure to insurable risk.” (source: Victorian Government Risk Management Framework, mandatory requirement 2.6, September 2025)

Not only is it a requirement, there are also sound commercial, ethical and legal reasons to understand and act on the insurable risks in the provision of public services.

Getting the balance right

Insurance is only part of a good risk management approach

The international Risk Management Standard ISO 31000 defines a risk control as “a measure that is modifying risk”. While insurance is an important measure, it should be considered as one of many controls in place to respond to risk.

A well-balanced approach to managing risk considers the effectiveness of both prevention and response measures. Excessive reliance on insurance, without sufficient attention to prevention, could increase the likelihood of an event occurring, leading to higher costs and potential harm to the people, places and systems in your care.

Improving how organisations manage insurable risk

To support our clients in understanding insurable risk, VMIA has enhanced its Risk Maturity Benchmark (RMB) self-assessment tool this year to include some of the required tasks and capabilities. We introduced a dedicated section focused specifically on insurable risk maturity. This addition enables our clients to self-assess how effectively they’re identifying, managing, and transferring insurable risks within their organisations. By integrating this into the overall assessment of enterprise risk management, clients gain a holistic view of their risk profile and can identify improvements.

What did our first results tell us?

Of the 240 Victorian State Government organisations invited to take part in our revamped RMB, 148 (62%) completed a self-assessment. This strong engagement tells us that that there’s continued interest in improving risk management practices.

Unsurprisingly, two topics (Risk Culture and Insurable Risk) show a lower level of maturity. This makes sense, as changing culture is difficult and some organisations may have a relatively low insurable risk profile, meaning achieving high maturity isn’t always appropriate.

One of the lowest areas of confidence identified from the new RMB questions on insurable risk was that 82% of respondents answered ‘No’ to the following statement:

Recording whether our risks are insurable or not in our risk register

Organisations can take simple steps to reflect insurable risk in their risk registers. These include:

  • Get familiar with your insurance policies (contact your VMIA risk adviser for guidance).
  • Identify risks that have a financial consequence.
  • Match these risks with the relevant insurance policies.
  • Document this work in your risk register.
  • Regularly revisit this work to capture changes in assumptions and operating conditions.

This will allow organisations to report on their insurable risks and help inform their Board and senior management as to where risks are covered by insurance, and where there may be gaps.

Want to know more about insurable risk?

Contact your Risk Adviser or our Insurance Advisory team at contact@vmia.vic.gov.au or on (03) 9270 6900. You can also enrol in our self-paced course here: Insurable risk in the public sector or explore our guide.

Risk management

Updated

Back to top