NIS2 and DORA: What Cyber Underwriters Need to Know

A practical breakdown of how the NIS2 Directive and DORA regulation affect cyber insurance underwriting in Europe.

A practical breakdown of how the NIS2 Directive and DORA regulation affect cyber insurance underwriting in Europe.

The European regulatory landscape for cybersecurity is shifting fast. Two frameworks — NIS2 and DORA — are reshaping how organizations approach cyber resilience, and that has direct implications for how we underwrite cyber risk.

For a complete practitioner breakdown of the DORA ICT Risk Management Framework and specific underwriting questions per pillar, see our DORA ICT Risk Framework: What Underwriters Must Know.

What Changed with NIS2

The NIS2 Directive expanded scope significantly compared to its predecessor. More sectors, stricter requirements, and real enforcement teeth. For underwriters, this means the questions we ask during risk assessments need to evolve.

DORA and Financial Services

The Digital Operational Resilience Act targets financial entities specifically. It mandates ICT risk management frameworks, incident reporting, and third-party risk oversight. If you’re underwriting financial institutions in Europe, DORA compliance is now a baseline expectation.

For the complete breakdown of all five DORA ICT risk management pillars with specific underwriting questions per pillar, see our DORA ICT Risk Management Framework: Complete Practitioner Guide.

What This Means for Underwriting

These regulations create both risk and opportunity. Organizations that invest in compliance tend to have stronger security postures. But the transition period — where companies are still catching up — is where the exposure sits.

The key is asking the right questions during risk assessments and understanding where regulatory gaps translate to actual cyber risk. For a complete NIS2 compliance walkthrough with free tools, see our NIS2 Compliance Guide.

Michael Guiao Michael Guiao founded Resiliently AI and writes Resiliently. He has CISM, CCSP, CISA, and DPO certifications — but let them lapse, because in the age of AI, knowledge is cheap. What matters is judgment, and that comes from eight years of hands-on work at Zurich, Sompo, AXA, and PwC.

Go deeper with premium cyber risk reports

Professional-grade analysis, NIS2 compliance guides, and threat intelligence — used by underwriters across Europe.

Starter

€199 /month

Unlimited scans, submission packets, PDF downloads, NIS2/DORA

View Plans →
Best Value

Professional

€490 /month

Full platform — continuous monitoring, API access, white-label reports

Everything in Starter plus professional tools

Upgrade Now →
30-day money-back
Secure via Stripe
Cancel anytime

Free NIS2 Compliance Checklist

Get the free 15-point PDF checklist + NIS2 compliance tips in your inbox.

No spam. Unsubscribe anytime. Privacy Policy

blog.featured

WordPress Plugin Flaw CVE-2023-4213 Exposes 10K+ Sites to Cyber Claims

Cyber Risk ·

6 min read

WordPress Plugin XSS Vulnerability Exposes Cyber Insurance Portfolios to Persistent Web Risks

Cyber Risk ·

5 min read

WordPress Security Plugin Flaw Exposes Organizations to Cyber Claims

Cyber Risk ·

6 min read

WordPress Plugin Flaw Exposes Cyber Insurance Portfolios to SQL Injection Risks

Cyber Risk ·

6 min read

Premium Report

2026 Cyber Risk Landscape Report

24 pages of threat analysis, claims data, and underwriting implications for European cyber insurance.

View Reports →

Related posts

Abandoned WordPress Plugin Exposes 12,000+ Sites to Cyber Risk
Cyber Risk · · 5 min read

Abandoned WordPress Plugin Exposes 12,000+ Sites to Cyber Risk

CVE-2023-5336 in iPanorama 360 plugin creates systemic risk for small businesses. SQL injection vulnerability affects unpatched WordPress sites, highlighting third-party component gaps in cyber insurance coverage.

Acronis CVE-2022-46869: How Consumer Software Creates Enterprise Risk
Cyber Risk · · 5 min read

Acronis CVE-2022-46869: How Consumer Software Creates Enterprise Risk

Local privilege escalation vulnerability in Acronis backup software highlights underwriting risks from consumer-grade tools and patch management gaps.

Acronis Privilege Escalation Flaw Exposes Endpoint Security Gaps
Cyber Risk · · 5 min read

Acronis Privilege Escalation Flaw Exposes Endpoint Security Gaps

CVE-2023-41743 highlights critical endpoint protection weaknesses that expand attack surfaces and increase cyber insurance risk exposure for organizations.