4

How is regulation influencing cyber insurance claims and costs and how can you manage them?

Key claims data insight

Read more about what this means for your business

What this means for your business

Global cyber and data protection regulation continues to increase in volume and complexity, particularly in sectors either handling financial, health or personal information or interacting with critical infrastructure. Regulators are shifting their focus towards broader cyber resilience. The UK’s new Cyber Security and Resilience Bill and the Digital Operational Resilience Act (DORA) in the EU represent a deliberate shift from reactive, incident-focused compliance to how well organizations can withstand, respond to and recover from cyber disruption. Regulators are also moving toward shorter reporting windows and broader notification obligations, meaning your business needs to be ready to act quickly.

“Regulators are also moving toward shorter reporting windows and broader notification obligations, meaning your business needs to be ready to act quickly.”

Priority actions to better assess, quantify, protect against and recover from regulatory risks

1

Be clear on the regulations that could impact your organization and understand regulators’ expectations, particularly where you operate across multiple jurisdictions, bearing in mind. regulations aren’t static so you should keep this under ongoing review.

2

3

Document your decision-making process and ensure you include regulatory notifications in your incident response planning. The cyber insurance underwriting process is an opportunity to demonstrate your organization's approach to identifying and managing cyber risk.

Make sure your cyber insurance reflects your regulatory exposures, including regulatory investigations, legal defense, notification and credit monitoring and strengthen coverage for privacy violations, wrongful data collection and vendor-driven outages.

“Document your decision-making process and ensure you include regulatory notifications in your incident response planning”

Industry spotlight: Financial institutions

Financial institutions account for 16% of all cyber notifications in our dataset, with the insurance sector alone representing almost half (49%) of FI‑related incidents. The sector exhibits the highest concentration of data breaches involving more than 100,000 compromised records.

The associated loss profile shows financial institutions face both low‑frequency, high‑severity losses (exceeding $100m) and high‑frequency, low‑severity events (below $100k). The average loss for the sector of $6.9m is more than twice the average across all other claims in our data set.

Loss severity is largely driven by regulatory and settlement costs, alongside credit‑monitoring obligations. These account for nearly 70% of total losses incurred. Financial institutions should consider these losses when determining the appropriate cyber insurance retentions, limits and overall program structure.