The Journal
Cyber risk analysis, regulatory intelligence, and underwriting insights
AI Agents · · 9 min read
Living-Off-the-Land 2.0: How Autonomous AI Agents Are Weaponizing LOTL Tradecraft — And What It Means for Cyber Underwriting
The convergence of agentic AI and living-off-the-land attack techniques is collapsing three attacker constraints at once: cost, skill, and detectability. A deep analysis of demonstrated capabilities, real incidents, and the underwriting implications that should reshape your risk selection in 2026.
AI · · 7 min read
AI in Cyber Underwriting: Attacker, Defender, and Underwriter Perspectives
Exploring how AI transforms cyber risk from three angles: how threat actors weaponize it, how security teams deploy it, and how underwriters must adapt their approach.
NIS 2 · · 5 min read
BSI Opens NIS2 Enforcement: What German Entities Must Do Before the Audit
BSI has begun NIS2 enforcement audits. Essential entities in Germany face up to €10M fines. Here is what your audit readiness checklist looks like for 2026.
Cloud Outage · · 7 min read
Cloud Outage Loss Scenario: When Your Infrastructure Provider Goes Dark
A realistic loss scenario analyzing what happens when a major cloud provider outage strikes — business interruption cascades, insurance triggers, and the coverage gaps that leave policyholders exposed.
NIS 2 · · 13 min read
Critical Infrastructure Underwriting Under NIS2: Healthcare, Energy, and Transport in 2026
A sector-by-sector guide for cyber underwriters on NIS2 critical infrastructure compliance in healthcare, energy, and transport — including specific requirements, claim trends, underwriting questions, and coverage implications.
Claims · · 9 min read
Denied: Why 1 in 4 Cyber Insurance Claims Gets Rejected in 2026
21% of cyber insurance claims were denied or partially denied in 2025, up from 15% two years ago. Here are the specific reasons — and what brokers can do to prevent it.
Claims · · 6 min read
Cyber Claims in 2026: Fewer Claims, Bigger Losses — The Severity Paradox
Cyber insurance claims frequency dropped 53% in early 2025 but average severity doubled for large accounts. What the data means for underwriters pricing risk in 2026.
Cyber Insurance · · 7 min read
Cyber Insurance Buying Guide 2026: What Every Business Needs to Know
A practical guide to choosing the right cyber insurance policy in 2026. Covers NIS2 compliance, key coverage areas, common exclusions, and how to get the best terms.
Cyber Insurance · · 13 min read
Cyber Insurance Claims Process: Step-by-Step Guide for Filing and Settling Claims in 2026
Complete guide to the cyber insurance claims process — from incident detection to settlement. Learn notification deadlines, documentation requirements, common mistakes that delay payouts, and how to maximize your claim recovery.
Cyber Insurance Comparison · · 16 min read
Cyber Insurance Comparison: How to Evaluate and Compare Policies in 2026
Learn how to compare cyber insurance policies in 2026. Coverage limits, deductibles, exclusions, endorsements, top EU providers, and a buyer's checklist. Includes NIS2 impact on policy selection.
Cyber Insurance · · 5 min read
How Much Does Cyber Insurance Cost in 2026? A Pricing Breakdown for Underwriters and Buyers
Complete guide to cyber insurance pricing in 2026. Learn the key factors that determine premiums, from revenue size to security controls, with real market benchmarks for SMEs and mid-market companies.
Cyber Insurance Coverage · · 13 min read
What Does Cyber Insurance Cover in 2026? First-Party and Third-Party Coverage Explained
Complete guide to cyber insurance coverage in 2026. Learn what policies actually cover: data breach response, business interruption, cyber extortion, privacy liability, regulatory defense, and more. Understand first-party vs third-party coverage.
Cyber Insurance · · 8 min read
Cyber Insurance Exclusions: What's NOT Covered in 2026
Critical guide to cyber insurance exclusions and coverage gaps. Learn what most policies don't cover, from unencrypted devices to nation-state attacks, and how to protect your business from blind spots.
Cyber Insurance · · 14 min read
Cyber Insurance Policy Wording: 12 Essential Clauses Every Underwriter and Broker Must Check in 2026
Practitioner guide to cyber insurance policy wording — the 12 critical clauses that determine coverage scope, exclusions, and claims outcomes. Written for underwriters, brokers, and risk managers comparing cyber policies in 2026.
Cyber Insurance · · 10 min read
Cyber Insurance Renewal Guide: How to Review, Renegotiate, and Switch Providers in 2026
Everything you need to know about renewing your cyber insurance policy in 2026. Learn when to start the renewal process, how to negotiate better premiums, what coverage changes to watch for, and when switching providers makes sense.
Cyber Insurance · · 8 min read
Cyber Insurance for Small Businesses in Europe: The Complete 2026 Guide
Everything small and medium businesses in the EU need to know about cyber insurance in 2026. Learn what coverage you need, how much it costs, NIS2 requirements, and how to find the right policy for your budget.
Cyber Resilience Act · · 12 min read
Cyber Resilience Act vs NIS2 vs DORA: Which Regulation Applies to My Insured?
A practical comparison of the three major EU cybersecurity regulations — CRA, NIS2, and DORA — explaining scope, timelines, requirements, and what cyber insurance underwriters need to ask clients in 2026.
Cyber Risk · · 3 min read
Deepfake-Enabled BEC: The Claim Trend Underwriters Cannot Ignore
Business email compromise has been the most financially devastating category of cybercrime for years. Now deepfakes are supercharging that dynamic, and the claims data is starting to reflect it.
DORA · · 23 min read
DORA ICT Risk Management Framework: What Cyber Insurance Underwriters Must Know in 2026
Complete practitioner guide to the DORA ICT risk management framework for cyber insurance underwriting. Covers the 5 pillars, how they affect coverage decisions, underwriting questions for financial sector clients, and compliance deadlines.
DORA · · 16 min read
DORA ICT Risk Management Framework: Complete Practitioner Guide for Financial Institutions and Their Insurers in 2026
Comprehensive guide to the Digital Operational Resilience Act (DORA) ICT risk management framework. Covers all 5 pillars, compliance requirements, underwriting implications, and the intersection with NIS2 for EU financial institutions.
Attack Surface · · 5 min read
The €50,000 Domain That Could Bankrupt Your SMB: Why External Attack Surface Discovery Cannot Wait
Your domain portfolio is your biggest attack surface - and most security teams have no idea what is exposed. Learn how to quantify your financial exposure in euros, not letter grades.
Insider Threat · · 7 min read
Insider Threat Loss Scenario: The Privileged Employee Who Walked Away With Everything
A detailed loss scenario analyzing an insider threat data exfiltration event — from detection through forensic investigation, regulatory reporting, and insurance recovery. Underwriters need to understand how insider claims differ from external attacks.
Newsletter · · 5 min read
Introducing The Underwriter's Edge
A new weekly newsletter for cyber underwriters, risk engineers, and brokers who want to stay ahead of threats, regulations, and emerging risks.
Claims · · 8 min read
Cloud Outages, AI Fraud, and Supply Chain Attacks: The New Cyber Claims Frontier
From the CrowdStrike outage to deepfake $25M heists, the cyber claims landscape in 2026 looks nothing like 2023. Brokers must understand five emerging claim categories reshaping coverage.
NIS 2 · · 4 min read
NIS2 Intelligence Digest — BSI Enforcement Activated, Penalty Calculators Updated
Weekly intelligence on NIS2 enforcement, supervisory activity, and cyber insurance market developments across the EU.
NIS 2 · · 11 min read
NIS2 Article 21 Technical Measures: The Complete Security Requirements Breakdown for 2026
NIS2 Article 21 defines 10 mandatory security measures every essential and important entity must implement. Complete breakdown of each requirement with implementation guidance, audit evidence expectations, and compliance timeline.
NIS 2 · · 10 min read
The NIS2 Audit Crunch: What Underwriters Need to Know Before June 30, 2026
With the June 30, 2026 NIS2 compliance audit deadline approaching, cyber underwriters face a narrow window to reassess risk profiles across their entire European portfolio. Here is what the audit requirement means for how you evaluate, price, and write cyber coverage.
NIS 2 · · 12 min read
How to Prepare for a NIS2 Audit: Documentation, Evidence, and Compliance Verification Guide (2026)
Complete guide to NIS2 audit preparation. Covers documentation requirements by Article, evidence collection, common failures, management liability, and a 30-day pre-audit checklist for in-scope EU entities.
NIS 2 · · 11 min read
NIS2 Austria Compliance Guide: NISG 2026 Requirements, BMI Authority and DACH Region Framework for 2026
Complete guide to NIS2 compliance in Austria. Covers the NISG 2026 (Network and Information Systems Security Act), BMI/Bundesamt für Cybersicherheit authority, entity classification, sector requirements, CERT.at incident reporting, penalties up to €10M, and the 1 October 2026 entry into force deadline.
NIS 2 · · 12 min read
NIS2 Belgium Compliance Guide: CCB Requirements and CyberFundamentals Framework for 2026
Complete guide to NIS2 compliance in Belgium. Covers the CCB enforcement framework, Law of 26 April 2024, CyberFundamentals (CyFun) compliance tracks, entity classification, sector requirements, penalties, and the 18 April 2026 deadline for essential entities.
NIS 2 · · 8 min read
NIS2 Board Liability: Personal Fines, Bans, and What Management Must Know in 2026
NIS2 Article 20 holds management bodies personally liable for cybersecurity failures. This guide explains personal fines, temporary bans, and the 7 steps boards must take to protect themselves in 2026.
NIS 2 · · 6 min read
NIS2 Compliance Checklist for 2026: What Brokers Need to Verify Before Coverage Placement
Before placing cyber coverage for NIS2 in-scope clients, verify these 10 compliance checkpoints. Missing documentation is the most common coverage gap.
NIS2 Compliance Checklist · · 18 min read
NIS2 Compliance Checklist 2026: Complete Guide for Insurance Professionals
Complete NIS2 compliance checklist with requirements, deadlines, and implementation steps. Get your organization compliant with our expert guide.
NIS 2 · · 9 min read
NIS2 Compliance Cost: What European Companies Actually Spend in 2026
Real NIS2 compliance costs broken down by company size and sector. Essential entities spend €150K-€2M+, important entities €30K-€500K. Includes cost framework, hidden expenses, ROI calculation, and free tools to estimate your budget.
NIS 2 · · 17 min read
What is NIS2 Compliance? A Complete Guide for 2026
Master NIS2 compliance in 2026. Understand the EU cybersecurity directive, who it affects, key requirements, penalties, and how to prepare before enforcement.
NIS 2 · · 10 min read
NIS2 Compliance for IT Managers: The Action Plan That Actually Works in 2026
Step-by-step NIS2 compliance action plan for IT managers and CISOs. Practical implementation guide covering risk management, incident reporting, security governance, supply chain security, and business continuity — with free tools and templates.
NIS 2 · · 10 min read
How NIS2 Compliance Lowers Cyber Insurance Premiums: The Business Case for Security Investment
NIS2 compliance can reduce cyber insurance premiums by 15-40%. Learn which controls insurers value most, how to document compliance for underwriters, and calculate the ROI of security investment against premium savings.
NIS2 Compliance Requirements · · 13 min read
NIS2 Compliance Requirements: 10 Mandatory Security Controls Before the 2026 Deadline
Master NIS2 compliance with our guide to the 10 mandatory security requirements. Learn what to implement, when deadlines hit, and how to avoid penalties up to €10 million or 2% of global turnover.
NIS 2 · · 8 min read
NIS2 Czech Republic Compliance Guide: Act No. 264/2025, NÚKIB Authority and Strategically Important Services for 2026
Complete guide to NIS2 compliance in the Czech Republic. Covers Act No. 264/2025 Coll., NÚKIB authority, uniquely expanded scope with "strategically important services," entity classification, higher vs. lower obligations regimes, penalties up to CZK 250M (~€10M), and registration deadlines.
NIS 2 · · 8 min read
NIS2 Denmark Compliance Guide: NIS-2-loven, CFCS Authority and Danish Cybersecurity Framework for 2026
Complete guide to NIS2 compliance in Denmark. Covers the NIS-2-loven (Bill L 141), CFCS authority under Defence Intelligence, SAMSIK registration, entity classification, sector-specific obligations, criminal enforcement model, penalties up to DKK 75M (~€10M), and key registration deadlines.
NIS 2 · · 13 min read
NIS2 Estonia Compliance Guide: Cybersecurity Act Amendments and RIA Requirements for 2026
Complete guide to NIS2 compliance in Estonia — covering the amended Cybersecurity Act (Küberturvalisuse seadus), RIA enforcement, CERT-EE incident reporting, entity classification, sector requirements, penalties, phased implementation timeline, and cyber insurance implications for Estonian entities.
NIS 2 · · 9 min read
NIS2 Finland Compliance Guide: Kyberturvallisuuslaki (Act 124/2025), Traficom Authority and Kybermittari Framework for 2026
Complete guide to NIS2 compliance in Finland. Covers the Kyberturvallisuuslaki (Cybersecurity Act 124/2025), Traficom/NCSC-FI authority, free Kybermittari self-assessment tool, entity classification with 50,000-resident municipal threshold, guidance-first enforcement, penalties up to €10M, and key registration deadlines.
NIS 2 · · 11 min read
NIS2 France: ANSSI Compliance Requirements, Enforcement Timeline, and What French Entities Must Do in 2026
ANSSI is enforcing NIS2 across France with formal notice procedures and audits. Essential entities face €10M fines. Complete guide to French NIS2 transposition, ANSSI audit expectations, and compliance steps for OSE and OSI entities.
NIS 2 · · 12 min read
How to Conduct a NIS2 Gap Analysis: Step-by-Step Readiness Assessment for 2026
Complete NIS2 gap analysis methodology with step-by-step instructions, free checklist template, and readiness scoring framework. Identify compliance gaps across all 10 Article 21 measures, incident reporting, governance, and supply chain security before your national authority does.
NIS 2 · · 13 min read
NIS2 Greece Compliance Guide: ENSI Authority, Maritime & Energy Sector Requirements, and What Greek Entities Must Do in 2026
Complete guide to NIS2 compliance in Greece. Covers the ENSI (Εθνική Αρχή Κυβερνοασφάλειας) authority, entity classification, maritime fleet obligations, island energy infrastructure, GR-CSIRT incident reporting, penalties up to €10M, and the compliance roadmap for Greek entities.
NIS2 Incident Reporting · · 18 min read
NIS2 Incident Reporting: 24-Hour, 72-Hour, and 1-Month Requirements Explained
Complete guide to NIS2 incident reporting timelines, requirements, and procedures. Learn what must be reported, when, and to whom under the EU cybersecurity directive.
NIS 2 · · 8 min read
NIS2 Ireland Preparation Guide: National Cyber Security Bill, NCSC Ireland and CyFun Framework for 2026
Complete guide to NIS2 preparation in Ireland. Covers the pending National Cyber Security Bill, NCSC Ireland authority, CyFun compliance framework adopted from Belgium, 15 Risk Management Measures, entity classification expectations, and what organizations should do now despite legislation not yet enacted.
NIS 2 · · 12 min read
NIS2 Italy: ACN Compliance Requirements, Enforcement Timeline, and What Italian Entities Must Do in 2026
Italy's Agenzia per la Cybersicurezza Nazionale (ACN) is enforcing NIS2 with surprise audits, dual-authority supervision, and personal liability for management. Essential entities face €10M fines. Complete guide to Italian NIS2 transposition, ACN registration, and compliance steps for Decree 138/2024.
NIS 2 · · 11 min read
NIS2 Netherlands Compliance Guide: NCSC-NL Requirements for Dutch Entities
Complete guide to NIS2 compliance in the Netherlands. Covers NCSC-NL enforcement, Uitvoeringswet cybersecurityrichtlijn implementation, sector-specific requirements, deadlines, penalties, and what Dutch entities must do now.
NIS 2 · · 9 min read
NIS2 Penalties Explained: Essential vs Important Entities and What They Mean for Coverage
NIS2 fines range from €7M to €10M depending on entity classification. Understand essential vs important entity penalties and how compliance posture affects cyber insurance pricing.
NIS2 Penalties · · 6 min read
NIS2 Penalties & Fines Explained: What Organizations Actually Face in 2026
NIS2 fines can reach €10 million or 2% of global annual turnover—whichever is higher. This breakdown explains exactly which penalties apply to essential vs important entities, what triggers enforcement, and how underwriters should factor penalty exposure into cyber risk assessment.
NIS 2 · · 13 min read
NIS2 Poland Compliance Guide: Ustawa o Cyberbezpieczeństwie and NCSA Requirements for 2026
Complete guide to NIS2 compliance in Poland — covering the amended Cybersecurity Act (Ustawa o cyberbezpieczeństwie), NCSA enforcement, entity classification under Polish law, sector requirements, penalties, and implementation timeline for Polish entities.
NIS 2 · · 8 min read
NIS2 Portugal Compliance Guide: Decree-Law 125/2025, CNCS Authority and Four-Tier Entity Framework for 2026
Complete guide to NIS2 compliance in Portugal. Covers Decree-Law 125/2025 (Regime Jurídico da Cibersegurança), CNCS authority, unique four-tier entity classification, mandatory cybersecurity officer appointment, 24-month delayed enforcement, penalties up to €10M, and key registration deadlines.
Ransomware · · 7 min read
NIS2 Ransomware Reporting Requirements: What Incident Response Teams Must Know
Under NIS2, ransomware incidents trigger mandatory reporting obligations with tight deadlines and personal liability for management. Here is the compliance playbook incident response teams need.
NIS 2 · · 11 min read
NIS2 Romania Compliance Guide: Romanian Cybersecurity Law and ANSI Requirements for 2026
Complete guide to NIS2 compliance in Romania — covering the amended Cybersecurity Law (Legea 361/2018), ANSI enforcement, STS coordination, entity classification, sector requirements, penalties, and implementation timeline for Romanian entities.
NIS 2 · · 13 min read
NIS2 Spain: INCIBE Compliance Requirements, Enforcement Timeline, and What Spanish Entities Must Do in 2026
INCIBE and CCN are enforcing NIS2 across Spain with sector-specific audits and registration mandates. Essential entities face €10M fines. Complete guide to Spanish NIS2 transposition, INCIBE oversight, and compliance steps for operators.
NIS 2 · · 10 min read
NIS2 Supply Chain Security Requirements: Third-Party Risk Management Guide for 2026
NIS2 Article 21 mandates supply chain security for all essential and important entities. Complete guide to third-party risk assessments, vendor security clauses, supply chain vulnerability monitoring, and compliance evidence — with free checklist and implementation templates.
NIS 2 · · 11 min read
NIS2 Sweden Compliance Guide: Cybersäkerhetslagen SFS 2025:1506, MCF Authority and Nordic Framework for 2026
Complete guide to NIS2 compliance in Sweden. Covers the Cybersäkerhetslagen (Cybersecurity Act SFS 2025:1506), MCF (formerly MSB) authority, CERT-SE incident reporting, entity classification, sector requirements, decentralized supervision model, penalties up to €10M, and the January 2026 entry into force.
NIS 2 · · 16 min read
NIS2 Underwriting Questions: What Every Cyber Insurance Broker Should Ask
Practical Line 1, Line 2, and Line 3 underwriting questions for NIS2-exposed clients. Essential vs important entities. Coverage gaps brokers should flag.
Ransomware · · 7 min read
Ransomware Attack Vectors in 2026: What Risk Managers Must Monitor
Ransomware groups have moved beyond phishing. Here are the five dominant attack vectors risk managers need to understand — and how each one changes the insurance equation.
Ransomware · · 5 min read
Ransomware Claims in 2026: What the Data Tells Underwriters About Pricing Risk
Ransomware claims frequency is shifting again in 2026. Here is what the latest data patterns mean for how underwriters price cyber risk, structure deductibles, and evaluate ransomware-specific endorsements.
Ransomware · · 7 min read
Ransomware and Cyber Insurance: What Policies Actually Cover in 2026
Cyber insurance policies are being rewritten in real-time as ransomware losses reshape the market. Here is what is covered, what is excluded, and what underwriters are demanding before they write the risk.
Ransomware · · 6 min read
Ransomware Underwriting Models in 2026: From Flat Premiums to Dynamic Risk Pricing
Cyber underwriters still using flat ransomware pricing are leaving money on the table. Here is how leading insurers are building dynamic pricing models using threat intelligence, sector exposure, and real-time data.
Supply Chain · · 7 min read
Supply Chain Attack Loss Scenario: What Happens When Your Vendor Gets Compromised
A detailed walkthrough of a realistic supply chain cyber attack loss scenario — from initial compromise through business interruption, third-party claims, and insurance recovery. Essential reading for underwriters pricing vendor-dependent risks.
Stay ahead of cyber risk
Weekly insights on NIS 2, DORA, ransomware, and risk engineering — delivered to your inbox.