With The Terrorism (Protection of Premises) Act 2025 - known as Martyn’s Law - having received Royal Assent on 3 April, the sector was warned that it must address the changes to duty of care now in place.

The issue was raised during HOSPA’s most-recent webinar, Cutting costs and maximising insurance, hosted by HOSPA CEO Jane Pendlebury, with Michael Flynn, client director, Howden.

Flynn said: “It doesn’t matter what kind of premises you operate, the approach to risk has always been property led. The events we saw in Borough Market 10 years ago were a business interruption issue, with the market closed for three days. In that case the state stepped in, but what has changed now is that there is now a statutory case for businesses to protect their customers. The main point about Martyn’s Law is that the main duty of care has shifted from the government to the operator.

“We are no longer talking about property, but the protection of guests. [Martyn’s Law identifies two tiers] Tier one is where you expect at least 200 people at an event and Tier two is at least 800 people and both have a higher level of reporting obligation to the SIA.

“Terrorism is capped in most insurance programmes to £2m and some insurance companies will look to cap their liability, so it’s important to check how much you’re covered for.”

100% of those polled during the webinar still had some work to do in terms of planning and preparation for Martyn’s Law.

Elsewhere in the insurance sector, Flynn described “soft market conditions” meaning that the next year or so would be a good time to shop around. He added: “There are changes in rick management and changes to legislation all the time, so now’s a good time to get insurance in place so that you can plan in terms of premium and pricing.”

Attendees raised concerns about cyber risks, with Flynn responding: “Be really careful with cyber. We’re certainly seeing flat or upwards pressure, some carriers are stripping back some cover and if you’ve received a quote last year, ask whether it’s the same this year. Cyber insurers are becoming more nervous and the main thing you need to be away of is MFA (multi-factor authentication), which should be on all head-office phones and laptops - and that will keep 90% of issues away”.