Cyber Insurance

Cloud Outage · 20. Apr. 2026 · 7 min read

Cloud Outage Loss Scenario: When Your Infrastructure Provider Goes Dark

A realistic loss scenario analyzing what happens when a major cloud provider outage strikes — business interruption cascades, insurance triggers, and the coverage gaps that leave policyholders exposed.

Insider Threat · 20. Apr. 2026 · 7 min read

Insider Threat Loss Scenario: The Privileged Employee Who Walked Away With Everything

A detailed loss scenario analyzing an insider threat data exfiltration event — from detection through forensic investigation, regulatory reporting, and insurance recovery. Underwriters need to understand how insider claims differ from external attacks.

Ransomware · 20. Apr. 2026 · 6 min read

Ransomware Underwriting Models in 2026: From Flat Premiums to Dynamic Risk Pricing

Cyber underwriters still using flat ransomware pricing are leaving money on the table. Here is how leading insurers are building dynamic pricing models using threat intelligence, sector exposure, and real-time data.

Supply Chain · 20. Apr. 2026 · 7 min read

Supply Chain Attack Loss Scenario: What Happens When Your Vendor Gets Compromised

A detailed walkthrough of a realistic supply chain cyber attack loss scenario — from initial compromise through business interruption, third-party claims, and insurance recovery. Essential reading for underwriters pricing vendor-dependent risks.

Claims · 19. Apr. 2026 · 9 min read

Denied: Why 1 in 4 Cyber Insurance Claims Gets Rejected in 2026

21% of cyber insurance claims were denied or partially denied in 2025, up from 15% two years ago. Here are the specific reasons — and what brokers can do to prevent it.

Claims · 19. Apr. 2026 · 6 min read

Cyber Claims in 2026: Fewer Claims, Bigger Losses — The Severity Paradox

Cyber insurance claims frequency dropped 53% in early 2025 but average severity doubled for large accounts. What the data means for underwriters pricing risk in 2026.

NIS 2 · 19. Apr. 2026 · 12 min read

NIS2 Italy: ACN Compliance Requirements, Enforcement Timeline, and What Italian Entities Must Do in 2026

Italy's Agenzia per la Cybersicurezza Nazionale (ACN) is enforcing NIS2 with surprise audits, dual-authority supervision, and personal liability for management. Essential entities face €10M fines. Complete guide to Italian NIS2 transposition, ACN registration, and compliance steps for Decree 138/2024.

NIS 2 · 18. Apr. 2026 · 13 min read

Critical Infrastructure Underwriting Under NIS2: Healthcare, Energy, and Transport in 2026

A sector-by-sector guide for cyber underwriters on NIS2 critical infrastructure compliance in healthcare, energy, and transport — including specific requirements, claim trends, underwriting questions, and coverage implications.

Cyber Resilience Act · 18. Apr. 2026 · 12 min read

Cyber Resilience Act vs NIS2 vs DORA: Which Regulation Applies to My Insured?

A practical comparison of the three major EU cybersecurity regulations — CRA, NIS2, and DORA — explaining scope, timelines, requirements, and what cyber insurance underwriters need to ask clients in 2026.

NIS 2 · 18. Apr. 2026 · 11 min read

NIS2 Article 21 Technical Measures: The Complete Security Requirements Breakdown for 2026

NIS2 Article 21 defines 10 mandatory security measures every essential and important entity must implement. Complete breakdown of each requirement with implementation guidance, audit evidence expectations, and compliance timeline.

NIS 2 · 18. Apr. 2026 · 11 min read

NIS2 France: ANSSI Compliance Requirements, Enforcement Timeline, and What French Entities Must Do in 2026

ANSSI is enforcing NIS2 across France with formal notice procedures and audits. Essential entities face €10M fines. Complete guide to French NIS2 transposition, ANSSI audit expectations, and compliance steps for OSE and OSI entities.

NIS 2 · 18. Apr. 2026 · 13 min read

NIS2 Spain: INCIBE Compliance Requirements, Enforcement Timeline, and What Spanish Entities Must Do in 2026

INCIBE and CCN are enforcing NIS2 across Spain with sector-specific audits and registration mandates. Essential entities face €10M fines. Complete guide to Spanish NIS2 transposition, INCIBE oversight, and compliance steps for operators.

NIS 2 · 17. Apr. 2026 · 8 min read

NIS2 Board Liability: Personal Fines, Bans, and What Management Must Know in 2026

NIS2 Article 20 holds management bodies personally liable for cybersecurity failures. This guide explains personal fines, temporary bans, and the 7 steps boards must take to protect themselves in 2026.

NIS 2 · 10. Apr. 2026 · 4 min read

NIS2 Intelligence Digest — BSI Enforcement Activated, Penalty Calculators Updated

Weekly intelligence on NIS2 enforcement, supervisory activity, and cyber insurance market developments across the EU.

NIS 2 · 10. Apr. 2026 · 6 min read

NIS2 Compliance Checklist for 2026: What Brokers Need to Verify Before Coverage Placement

Before placing cyber coverage for NIS2 in-scope clients, verify these 10 compliance checkpoints. Missing documentation is the most common coverage gap.

NIS 2 · 10. Apr. 2026 · 9 min read

NIS2 Penalties Explained: Essential vs Important Entities and What They Mean for Coverage

NIS2 fines range from €7M to €10M depending on entity classification. Understand essential vs important entity penalties and how compliance posture affects cyber insurance pricing.

NIS 2 · 10. Apr. 2026 · 16 min read

NIS2 Underwriting Questions: What Every Cyber Insurance Broker Should Ask

Practical Line 1, Line 2, and Line 3 underwriting questions for NIS2-exposed clients. Essential vs important entities. Coverage gaps brokers should flag.

Cyber Insurance · 31. März 2026 · 7 min read

Cyber Insurance Buying Guide 2026: What Every Business Needs to Know

A practical guide to choosing the right cyber insurance policy in 2026. Covers NIS2 compliance, key coverage areas, common exclusions, and how to get the best terms.

Ransomware · 31. März 2026 · 5 min read

Ransomware Claims in 2026: What the Data Tells Underwriters About Pricing Risk

Ransomware claims frequency is shifting again in 2026. Here is what the latest data patterns mean for how underwriters price cyber risk, structure deductibles, and evaluate ransomware-specific endorsements.

NIS 2 · 30. März 2026 · 10 min read

The NIS2 Audit Crunch: What Underwriters Need to Know Before June 30, 2026

With the June 30, 2026 NIS2 compliance audit deadline approaching, cyber underwriters face a narrow window to reassess risk profiles across their entire European portfolio. Here is what the audit requirement means for how you evaluate, price, and write cyber coverage.

AI · 17. Feb. 2026 · 7 min read

AI in Cyber Underwriting: Attacker, Defender, and Underwriter Perspectives

Exploring how AI transforms cyber risk from three angles: how threat actors weaponize it, how security teams deploy it, and how underwriters must adapt their approach.

Newsletter · 17. Feb. 2026 · 5 min read

Introducing The Underwriter's Edge

A new weekly newsletter for cyber underwriters, risk engineers, and brokers who want to stay ahead of threats, regulations, and emerging risks.

Living-Off-the-Land 2.0: How Autonomous AI Agents Are Weaponizing LOTL Tradecraft — And What It Means for Cyber Underwriting

DORA ICT Risk Management Framework: Complete Practitioner Guide for Financial Institutions and Their Insurers in 2026

How to Prepare for a NIS2 Audit: Documentation, Evidence, and Compliance Verification Guide (2026)