APRA Reboots Its National Claims Database, Splitting Out Cyber and D&O

APRA Reboots Its National Claims Database, Splitting Out Cyber and D&O

APRA National Claims and Policies Database overhaul splits cyber and D&O into new categories, keeping confidentiality safeguards intact.

The APRA National Claims and Policies Database is getting a structural overhaul rather than a bigger data pipe. On 1 July 2026, the Australian Prudential Regulation Authority published its response to a consultation on updating the section 57 non-confidentiality determination that underpins the database’s public statistics. The headline change is not more data, but better plumbing: cyber and management liability, including directors’ and officers’ cover, become standalone reporting categories for the first time, while confidentiality guardrails stay exactly where they were.

A Publication Format Rebuilt Around Downloadable Datasets, Not Scope Creep

APRA’s own framing of the reform is deliberately narrow. The regulator’s response letter, also dated 1 July 2026, covers both a proposed non-confidentiality determination for the database and a refreshed approach to how the figures get published. That distinction matters because it signals a change in delivery mechanism rather than a widening of what insurers must report. As detailed in APRA’s broader push to modernise its supervisory data architecture, the NCPD refresh fits a pattern of moving legacy portal reports toward structured, downloadable datasets that actuaries and pricing teams can pull directly into their own models.

The original proposal floated in May 2026 had already promised to keep the same aggregation level and data scope as the existing determination while simplifying how the output looked, and APRA has now confirmed it is following through on that commitment rather than expanding it. The regulator will proceed with the non-confidentiality determination largely as proposed, without broadening the underlying data scope. In other words, this is a repackaging exercise: the same underlying claims and policy data, cut into more usable and more granular publication categories.

Why Cyber and D&O Finally Get Their Own Lane

For years, cyber exposure data in Australia has been thin, scattered across insurer-specific disclosures or buried inside broader liability categories that made benchmarking difficult. The May 2026 consultation proposal covered six NCPD reporting standards spanning policy, claims and facility data, and the refreshed format splits that into four policy cross-sections and four claims cross-sections for general insurers, with facilities and Lloyd’s business handled through separate publications. Carving cyber and management liability out as their own lines within that structure gives pricing actuaries and reinsurers a cleaner reference point than trying to infer trends from combined liability figures.

Splitting cyber and D&O into dedicated cross-sections does not change what insurers report to APRA — it changes how visible that data becomes to the market pricing against it.

The move also lands against a backdrop of heightened scrutiny of insurer boards and risk committees. InsuraBeat has previously covered how APRA has been tightening its expectations around insurers’ readiness for complex, fast-moving risks, and better cyber claims visibility is a natural complement to that agenda: supervisors and underwriters alike need granular loss data to judge whether current D&O and cyber pricing reflects actual claims experience.

Confidentiality Safeguards Survive the Overhaul Intact

Industry pushback during consultation focused less on the new categories and more on whether finer slicing of the data could inadvertently expose individual insurers’ books, particularly in smaller liability lines with few writers. Submissions came from industry bodies including the Actuaries Institute and the Insurance Council of Australia, and APRA’s response addresses that concern directly. External NCPD publications will retain the current level of data aggregation and existing confidentiality safeguards even as cyber and management liability move into standalone categories, meaning the new structure adds resolution between lines of business without adding resolution down to individual insurer level.

For firms that need more than the public aggregates, the door has not closed. More granular data beyond the published aggregated releases remains available on application to APRA’s data analytics team, subject to privacy conditions. That two-tier access model — open aggregates for the market, controlled granular extracts for qualifying requesters — is effectively unchanged from the prior regime, which should reassure insurers wary of a formal review process, such as the one behind APRA’s recent decision to revoke an insurer’s licence, being used to justify wider disclosure of commercially sensitive claims data.

Rollout Timeline: What Lands When

The database itself is not new. APRA established the NCPD in 2003 at the request of the Australian Government, in consultation with the insurance industry and other stakeholders, and it has functioned since then as a comprehensive record of policy and claims information covering professional indemnity and public and product liability insurance. Coverage today extends to public and products liability, professional indemnity and directors’ and officers’ liability, while reinsurance, marine cover and domestic householder liability policies remain outside its scope.

  • The consultation on the non-confidentiality determination and publication format closed to industry submissions on 16 June 2026.
  • APRA’s most recent statistics update before this refresh was released on 10 December 2025, with the next issue scheduled for 3 July 2026.
  • The first publication under the refreshed format will include data through 31 December 2024, with 2025 data following later in 2026.

That staggered timeline means the market will not see a like-for-like comparison between the new cyber and D&O cross-sections and prior-year figures immediately — the reference point only catches up once 2025 data lands. APRA’s last dedicated NCPD analysis report, published 10 May 2023, examined claims trends and affordability across public and product liability, professional indemnity, and directors and officers insurance, and a similarly structured deep-dive is the logical next step once the refreshed cross-sections have a full year of comparable data behind them.

Sources

Frequently Asked Questions

Mini-FAQ : APRA Reboots National Claims Database

Does the NCPD overhaul mean insurers now report more data to APRA?
No. APRA has confirmed it will proceed with the non-confidentiality determination without expanding the underlying data scope, and external publications will keep the same level of aggregation and confidentiality safeguards as before. The change is in how the existing data is packaged and published, including new standalone cross-sections for cyber and management liability, not in what insurers are required to submit.
When will the first refreshed NCPD publication be available?
The first publication under the new format covers data through end-2024, with the following year’s figures scheduled to follow in 2026. APRA’s most recent statistics update prior to this refresh came in late 2025, and the next scheduled issue is due in mid-2026.
Can insurers or researchers still access more granular NCPD data?
Yes. Beyond the publicly published aggregated statistics, more granular data can still be requested from APRA’s data analytics team, subject to privacy conditions. That controlled-access channel is unchanged by the publication format refresh.
P

Patrice Dumont

InsuraBeat correspondent

Senior reporter at InsuraBeat leading coverage of insurance regulation, executive moves, and the insurtech landscape across EMEA and APAC. Fifteen years straddling regulation and trade journalism: began in the legal team of a French insurance industry body, advising members on Solvency II implementation and product approvals, then moved to specialised insurance media to cover EIOPA, NAIC and IAIS work and prudential reform. Graduate of the Pan-Asian School of Governance and Regulatory Affairs (Singapore), with an LL.M. in Insurance Prudential Law and Cross-Border Compliance from the Nihon-Siam Institute of Legal Studies (Bangkok). Writes from Brussels, on European afternoon markets.

All articles by Patrice Dumont →

Daily Beat newsletter

Never miss a beat in global insurance.

Get the day’s top deals, executive moves and regulatory shifts in your inbox every morning.

Free. No spam. Unsubscribe anytime.