All our cyber-insurance news

AI Agents

An AI Agent Deleted a Startup's Production Database — Can You Insure Against That?

PocketOS lost its production database to a Cursor AI agent in 9 seconds. The incident exposes a gap in cyber insurance that most policies don't cover: AI-caused operational destruction with no external attacker.

Michael Guiao

7 min read

An AI Agent Deleted a Startup's Production Database — Can You Insure Against That?
Living-Off-the-Land 2.0: How Autonomous AI Agents Are Weaponizing LOTL Tradecraft — And What It Means for Cyber Underwriting
AI Agents · · 9 min read

Living-Off-the-Land 2.0: How Autonomous AI Agents Are Weaponizing LOTL Tradecraft — And What It Means for Cyber Underwriting

The convergence of agentic AI and living-off-the-land attack techniques is collapsing three attacker constraints at once: cost, skill, and detectability. A deep analysis of demonstrated capabilities, real incidents, and the underwriting implications that should reshape your risk selection in 2026.

AI in Cyber Underwriting: Attacker, Defender, and Underwriter Perspectives
AI · · 7 min read

AI in Cyber Underwriting: Attacker, Defender, and Underwriter Perspectives

Exploring how AI transforms cyber risk from three angles: how threat actors weaponize it, how security teams deploy it, and how underwriters must adapt their approach.

AI Risk Loading: Why Insurers Are Adding 10-15% and What It Means for Cyber Coverage
AI Risk · · 4 min read

AI Risk Loading: Why Insurers Are Adding 10-15% and What It Means for Cyber Coverage

Allianz's blanket surcharge on AI-related cyber coverage is the industry's first systematic attempt to price AI risk. Here's what brokers and risk engineers need to know.

Attackers Don't Wait 24 Hours: Why Daily ASM Scans Leave You Exposed
Attack Surface Management · · 6 min read

Attackers Don't Wait 24 Hours: Why Daily ASM Scans Leave You Exposed

Unit 42 research shows attackers scan for new CVEs within 15 minutes of disclosure. SecurityScorecard and UpGuard scan daily. Resiliently scans hourly. Here's why the gap matters for your cyber insurance renewal — and how hourly scanning with euro-denominated risk quantification changes the underwriting conversation.

Beazley vs. Allianz: Two Approaches to AI Risk in Cyber Insurance — What Brokers Must Know in 2026
AI Risk · · 4 min read

Beazley vs. Allianz: Two Approaches to AI Risk in Cyber Insurance — What Brokers Must Know in 2026

Beazley uses flat 10% AI sublimits, Allianz uses individual risk assessment with up to 30% uplift. A detailed comparison of the two dominant approaches and what DACH brokers need at renewal.

Cloud Outage Loss Scenario: When Your Infrastructure Provider Goes Dark
Cloud Outage · · 7 min read

Cloud Outage Loss Scenario: When Your Infrastructure Provider Goes Dark

A realistic loss scenario analyzing what happens when a major cloud provider outage strikes — business interruption cascades, insurance triggers, and the coverage gaps that leave policyholders exposed.

Critical Infrastructure Underwriting Under NIS2: Healthcare, Energy, and Transport in 2026
NIS 2 · · 13 min read

Critical Infrastructure Underwriting Under NIS2: Healthcare, Energy, and Transport in 2026

A sector-by-sector guide for cyber underwriters on NIS2 critical infrastructure compliance in healthcare, energy, and transport — including specific requirements, claim trends, underwriting questions, and coverage implications.

Denied: Why 1 in 4 Cyber Insurance Claims Gets Rejected in 2026
Claims · · 9 min read

Denied: Why 1 in 4 Cyber Insurance Claims Gets Rejected in 2026

21% of cyber insurance claims were denied or partially denied in 2025, up from 15% two years ago. Here are the specific reasons — and what brokers can do to prevent it.

Cyber Claims in 2026: Fewer Claims, Bigger Losses — The Severity Paradox
Claims · · 6 min read

Cyber Claims in 2026: Fewer Claims, Bigger Losses — The Severity Paradox

Cyber insurance claims frequency dropped 53% in early 2025 but average severity doubled for large accounts. What the data means for underwriters pricing risk in 2026.

Your Policy Says Cyber Event — But What Risk Does That Actually Expose?
Cyber Insurance · · 5 min read

Your Policy Says Cyber Event — But What Risk Does That Actually Expose?

Most cyber insurance policies define 'cyber event' so broadly that the term becomes meaningless for underwriting. Here is why that one definition matters more than any exclusion clause.

Cyber Insurance Buying Guide 2026: What Every Business Needs to Know
Cyber Insurance · · 7 min read

Cyber Insurance Buying Guide 2026: What Every Business Needs to Know

A practical guide to choosing the right cyber insurance policy in 2026. Covers NIS2 compliance, key coverage areas, common exclusions, and how to get the best terms.

Cyber Insurance Claims Process: Step-by-Step Guide for Filing and Settling Claims in 2026
Cyber Insurance · · 13 min read

Cyber Insurance Claims Process: Step-by-Step Guide for Filing and Settling Claims in 2026

Complete guide to the cyber insurance claims process — from incident detection to settlement. Learn notification deadlines, documentation requirements, common mistakes that delay payouts, and how to maximize your claim recovery.

How Much Does Cyber Insurance Cost in 2026? A Pricing Breakdown for Underwriters and Buyers
Cyber Insurance · · 5 min read

How Much Does Cyber Insurance Cost in 2026? A Pricing Breakdown for Underwriters and Buyers

Complete guide to cyber insurance pricing in 2026. Learn the key factors that determine premiums, from revenue size to security controls, with real market benchmarks for SMEs and mid-market companies.

Cyber Insurance Exclusions: What's NOT Covered in 2026
Cyber Insurance · · 8 min read

Cyber Insurance Exclusions: What's NOT Covered in 2026

Critical guide to cyber insurance exclusions and coverage gaps. Learn what most policies don't cover, from unencrypted devices to nation-state attacks, and how to protect your business from blind spots.

Cyber Insurance Policy Wording: 12 Essential Clauses Every Underwriter and Broker Must Check in 2026
Cyber Insurance · · 14 min read

Cyber Insurance Policy Wording: 12 Essential Clauses Every Underwriter and Broker Must Check in 2026

Practitioner guide to cyber insurance policy wording — the 12 critical clauses that determine coverage scope, exclusions, and claims outcomes. Written for underwriters, brokers, and risk managers comparing cyber policies in 2026.

Cyber Insurance Renewal Guide: How to Review, Renegotiate, and Switch Providers in 2026
Cyber Insurance · · 10 min read

Cyber Insurance Renewal Guide: How to Review, Renegotiate, and Switch Providers in 2026

Everything you need to know about renewing your cyber insurance policy in 2026. Learn when to start the renewal process, how to negotiate better premiums, what coverage changes to watch for, and when switching providers makes sense.

Cyber Insurance for Small Businesses in Europe: The Complete 2026 Guide
Cyber Insurance · · 8 min read

Cyber Insurance for Small Businesses in Europe: The Complete 2026 Guide

Everything small and medium businesses in the EU need to know about cyber insurance in 2026. Learn what coverage you need, how much it costs, NIS2 requirements, and how to find the right policy for your budget.

How to Prepare a Cyber Insurance Submission in 2026: The Complete Broker's Guide
Brokers · · 8 min read

How to Prepare a Cyber Insurance Submission in 2026: The Complete Broker's Guide

A step-by-step guide for insurance brokers preparing cyber submissions in 2026. Covers NIS2, DORA requirements, what underwriters actually check, common submission mistakes, and how the Instant Broker Scorecard cuts prep time from 3 hours to 3 seconds.

The Cyber Insurance Submission Crisis: 7 Reasons Brokers Can't Afford Manual Risk Assessments in 2026
Cyber Insurance · · 6 min read

The Cyber Insurance Submission Crisis: 7 Reasons Brokers Can't Afford Manual Risk Assessments in 2026

Cyber insurance submissions are broken. With premiums up 11% and carriers demanding quantified risk data, brokers who still prepare submissions manually are losing deals. Here's what's changing in 2026.

Cyber Resilience Act vs NIS2 vs DORA: Which Regulation Applies to My Insured?
Cyber Resilience Act · · 12 min read

Cyber Resilience Act vs NIS2 vs DORA: Which Regulation Applies to My Insured?

A practical comparison of the three major EU cybersecurity regulations — CRA, NIS2, and DORA — explaining scope, timelines, requirements, and what cyber insurance underwriters need to ask clients in 2026.

DORA ICT Risk Management Framework: What Cyber Insurance Underwriters Must Know in 2026
DORA · · 23 min read

DORA ICT Risk Management Framework: What Cyber Insurance Underwriters Must Know in 2026

Complete practitioner guide to the DORA ICT risk management framework for cyber insurance underwriting. Covers the 5 pillars, how they affect coverage decisions, underwriting questions for financial sector clients, and compliance deadlines.

DORA ICT Risk Management Framework: Complete Practitioner Guide for Financial Institutions and Their Insurers in 2026
DORA · · 16 min read

DORA ICT Risk Management Framework: Complete Practitioner Guide for Financial Institutions and Their Insurers in 2026

Comprehensive guide to the Digital Operational Resilience Act (DORA) ICT risk management framework. Covers all 5 pillars, compliance requirements, underwriting implications, and the intersection with NIS2 for EU financial institutions.

Insider Threat Loss Scenario: The Privileged Employee Who Walked Away With Everything
Insider Threat · · 7 min read

Insider Threat Loss Scenario: The Privileged Employee Who Walked Away With Everything

A detailed loss scenario analyzing an insider threat data exfiltration event — from detection through forensic investigation, regulatory reporting, and insurance recovery. Underwriters need to understand how insider claims differ from external attacks.

Instant Broker Scorecard (IBS): From Domain to Submission in 3 Seconds
Brokers · · 4 min read

Instant Broker Scorecard (IBS): From Domain to Submission in 3 Seconds

The Instant Broker Scorecard (IBS) turns any domain into an underwriter-ready risk assessment in 3 seconds — with financial exposure estimates in EUR, underwriter recommendations, and a printable PDF your carrier will actually read.

Introducing The Underwriter's Edge
Newsletter · · 5 min read

Introducing The Underwriter's Edge

A new weekly newsletter for cyber underwriters, risk engineers, and brokers who want to stay ahead of threats, regulations, and emerging risks.

The $250K Ceiling: What LLMjacking Sublimits Mean for Cyber Brokers
Llmjacking · · 6 min read

The $250K Ceiling: What LLMjacking Sublimits Mean for Cyber Brokers

QBE and Beazley just set a precedent with 10% AI sublimits. A $5M cyber policy now means max $250K for LLMjacking. Here's what brokers need to know — and do — before the next renewal.

The LOTL 2.0 Detection Gap: Why Your Current Security Stack May Be Blind to the Next Generation of Attacks
Detection Gap · · 8 min read

The LOTL 2.0 Detection Gap: Why Your Current Security Stack May Be Blind to the Next Generation of Attacks

Detailed analysis of the specific detection blind spots that autonomous LOTL attacks exploit — and the behavioral analytics, identity monitoring, and architectural changes that close them. Includes a control effectiveness matrix for underwriters and risk engineers.

LOTL 2.0 Incident Tracker: Documented Cases of AI-Augmented Living-Off-the-Land Attacks (2025–2026)
Incident Tracker · · 8 min read

LOTL 2.0 Incident Tracker: Documented Cases of AI-Augmented Living-Off-the-Land Attacks (2025–2026)

Living document tracking confirmed and suspected cases of autonomous or AI-augmented LOTL attacks in the wild. Updated as new evidence emerges. Includes attack chain analysis, tradecraft observations, and underwriting takeaways for each incident.

The Mid-Market Crosshairs: How LOTL 2.0 Eliminates the "Too Small to Target" Protection
Mid Market · · 7 min read

The Mid-Market Crosshairs: How LOTL 2.0 Eliminates the "Too Small to Target" Protection

Analysis of why mid-market organizations (€50M–€500M revenue) are the primary beneficiaries of the LOTL 2.0 shift, how attacker economics have fundamentally changed, and what this means for cyber insurance portfolio risk. Includes scenario modeling for underwriters.

The LOTL 2.0 Underwriting Playbook: Risk Selection Criteria When the Attacker Is an Algorithm
Underwriting · · 8 min read

The LOTL 2.0 Underwriting Playbook: Risk Selection Criteria When the Attacker Is an Algorithm

Practical underwriting framework for assessing cyber risk in the era of autonomous LOTL attacks. Includes revised risk scoring matrices, control weight adjustments, and application question updates for underwriters.

NIS2 Intelligence Digest — BSI Enforcement Activated, Penalty Calculators Updated
NIS 2 · · 4 min read

NIS2 Intelligence Digest — BSI Enforcement Activated, Penalty Calculators Updated

Weekly intelligence on NIS2 enforcement, supervisory activity, and cyber insurance market developments across the EU.

The NIS2 + AI Coverage Gap: When Your Cyber Policy Won't Cover the Incident NIS2 Requires You to Report
NIS 2 · · 9 min read

The NIS2 + AI Coverage Gap: When Your Cyber Policy Won't Cover the Incident NIS2 Requires You to Report

NIS2 mandates AI incident reporting for hundreds of thousands of EU entities. But most cyber insurance policies contain silent AI exclusions, sublimits, or ambiguity that leave insureds paying for AI incident response out of pocket — even though NIS2 required them to report the incident in the first place.

NIS2 Article 21 Technical Measures: The Complete Security Requirements Breakdown for 2026
NIS 2 · · 11 min read

NIS2 Article 21 Technical Measures: The Complete Security Requirements Breakdown for 2026

NIS2 Article 21 defines 10 mandatory security measures every essential and important entity must implement. Complete breakdown of each requirement with implementation guidance, audit evidence expectations, and compliance timeline.

The NIS2 Audit Crunch: What Underwriters Need to Know Before June 30, 2026
NIS 2 · · 10 min read

The NIS2 Audit Crunch: What Underwriters Need to Know Before June 30, 2026

With the June 30, 2026 NIS2 compliance audit deadline approaching, cyber underwriters face a narrow window to reassess risk profiles across their entire European portfolio. Here is what the audit requirement means for how you evaluate, price, and write cyber coverage.

How to Prepare for a NIS2 Audit: Documentation, Evidence, and Compliance Verification Guide (2026)
NIS 2 · · 12 min read

How to Prepare for a NIS2 Audit: Documentation, Evidence, and Compliance Verification Guide (2026)

Complete guide to NIS2 audit preparation. Covers documentation requirements by Article, evidence collection, common failures, management liability, and a 30-day pre-audit checklist for in-scope EU entities.

NIS2 Austria Compliance Guide: NISG 2026 Requirements, BMI Authority and DACH Region Framework for 2026
NIS 2 · · 11 min read

NIS2 Austria Compliance Guide: NISG 2026 Requirements, BMI Authority and DACH Region Framework for 2026

Complete guide to NIS2 compliance in Austria. Covers the NISG 2026 (Network and Information Systems Security Act), BMI/Bundesamt für Cybersicherheit authority, entity classification, sector requirements, CERT.at incident reporting, penalties up to €10M, and the 1 October 2026 entry into force deadline.

NIS2 Belgium Compliance Guide: CCB Requirements and CyberFundamentals Framework for 2026
NIS 2 · · 12 min read

NIS2 Belgium Compliance Guide: CCB Requirements and CyberFundamentals Framework for 2026

Complete guide to NIS2 compliance in Belgium. Covers the CCB enforcement framework, Law of 26 April 2024, CyberFundamentals (CyFun) compliance tracks, entity classification, sector requirements, penalties, and the 18 April 2026 deadline for essential entities.

NIS2 Board Liability: Personal Fines, Bans, and What Management Must Know in 2026
NIS 2 · · 8 min read

NIS2 Board Liability: Personal Fines, Bans, and What Management Must Know in 2026

NIS2 Article 20 holds management bodies personally liable for cybersecurity failures. This guide explains personal fines, temporary bans, and the 7 steps boards must take to protect themselves in 2026.

NIS2 Bulgaria Compliance Guide: Cybersecurity Act Amendments and DAEU Requirements for 2026
NIS 2 · · 13 min read

NIS2 Bulgaria Compliance Guide: Cybersecurity Act Amendments and DAEU Requirements for 2026

Complete guide to NIS2 compliance in Bulgaria — covering the amended Cybersecurity Act (Закон за киберсигурността), DAEU enforcement, National CSIRT bg incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Bulgarian entities.

NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care
NIS 2 · · 4 min read

NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care

The NIS2 transposition deadline has passed. With fewer than 10% of critical entities fully compliant, carriers are starting to exclude non-compliant organizations from coverage. For insurance brokers, failing to verify client NIS2 status is now a professional liability risk. Here's what you need to know.

NIS2 Compliance Checklist for 2026: What Brokers Need to Verify Before Coverage Placement
NIS 2 · · 6 min read

NIS2 Compliance Checklist for 2026: What Brokers Need to Verify Before Coverage Placement

Before placing cyber coverage for NIS2 in-scope clients, verify these 10 compliance checkpoints. Missing documentation is the most common coverage gap.

NIS2 Compliance Cost: What European Companies Actually Spend in 2026
NIS 2 · · 9 min read

NIS2 Compliance Cost: What European Companies Actually Spend in 2026

Real NIS2 compliance costs broken down by company size and sector. Essential entities spend €150K-€2M+, important entities €30K-€500K. Includes cost framework, hidden expenses, ROI calculation, and free tools to estimate your budget.

How NIS2 Compliance Lowers Cyber Insurance Premiums: The Business Case for Security Investment
NIS 2 · · 10 min read

How NIS2 Compliance Lowers Cyber Insurance Premiums: The Business Case for Security Investment

NIS2 compliance can reduce cyber insurance premiums by 15-40%. Learn which controls insurers value most, how to document compliance for underwriters, and calculate the ROI of security investment against premium savings.

NIS2 Croatia Compliance Guide: Cybersecurity Act (Zakon o kibernetičkoj sigurnosti) and AZOP Requirements for 2026
NIS 2 · · 15 min read

NIS2 Croatia Compliance Guide: Cybersecurity Act (Zakon o kibernetičkoj sigurnosti) and AZOP Requirements for 2026

Complete guide to NIS2 compliance in Croatia — covering the Cybersecurity Act (Zakon o kibernetičkoj sigurnosti), UVNS/NCSC-HR enforcement, CERT.hr incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Croatian entities.

NIS2 Cyprus Compliance Guide: Security of Networks and Information Systems Law and DSA Requirements for 2026
NIS 2 · · 16 min read

NIS2 Cyprus Compliance Guide: Security of Networks and Information Systems Law and DSA Requirements for 2026

Complete guide to NIS2 compliance in Cyprus — covering the Security of Networks and Information Systems Law (N.89(I)/2020 as amended by N.60(I)/2025), Digital Security Authority (DSA) enforcement, CSIRT-CY incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Cypriot entities.

NIS2 Czech Republic Compliance Guide: Act No. 264/2025, NÚKIB Authority and Strategically Important Services for 2026
NIS 2 · · 8 min read

NIS2 Czech Republic Compliance Guide: Act No. 264/2025, NÚKIB Authority and Strategically Important Services for 2026

Complete guide to NIS2 compliance in the Czech Republic. Covers Act No. 264/2025 Coll., NÚKIB authority, uniquely expanded scope with "strategically important services," entity classification, higher vs. lower obligations regimes, penalties up to CZK 250M (~€10M), and registration deadlines.

NIS2 Denmark Compliance Guide: NIS-2-loven, CFCS Authority and Danish Cybersecurity Framework for 2026
NIS 2 · · 8 min read

NIS2 Denmark Compliance Guide: NIS-2-loven, CFCS Authority and Danish Cybersecurity Framework for 2026

Complete guide to NIS2 compliance in Denmark. Covers the NIS-2-loven (Bill L 141), CFCS authority under Defence Intelligence, SAMSIK registration, entity classification, sector-specific obligations, criminal enforcement model, penalties up to DKK 75M (~€10M), and key registration deadlines.

NIS2 Penalties Explained: Essential vs Important Entities for 2026
NIS 2 · · 5 min read

NIS2 Penalties Explained: Essential vs Important Entities for 2026

Understand the critical difference between NIS2 essential and important entities. Classification criteria, compliance requirements, penalty differences, and what it means for your cyber insurance.

NIS2 Estonia Compliance Guide: Cybersecurity Act Amendments and RIA Requirements for 2026
NIS 2 · · 13 min read

NIS2 Estonia Compliance Guide: Cybersecurity Act Amendments and RIA Requirements for 2026

Complete guide to NIS2 compliance in Estonia — covering the amended Cybersecurity Act (Küberturvalisuse seadus), RIA enforcement, CERT-EE incident reporting, entity classification, sector requirements, penalties, phased implementation timeline, and cyber insurance implications for Estonian entities.

NIS2 Finland Compliance Guide: Kyberturvallisuuslaki (Act 124/2025), Traficom Authority and Kybermittari Framework for 2026
NIS 2 · · 9 min read

NIS2 Finland Compliance Guide: Kyberturvallisuuslaki (Act 124/2025), Traficom Authority and Kybermittari Framework for 2026

Complete guide to NIS2 compliance in Finland. Covers the Kyberturvallisuuslaki (Cybersecurity Act 124/2025), Traficom/NCSC-FI authority, free Kybermittari self-assessment tool, entity classification with 50,000-resident municipal threshold, guidance-first enforcement, penalties up to €10M, and key registration deadlines.

NIS2 France: ANSSI Compliance Requirements, Enforcement Timeline, and What French Entities Must Do in 2026
NIS 2 · · 11 min read

NIS2 France: ANSSI Compliance Requirements, Enforcement Timeline, and What French Entities Must Do in 2026

ANSSI is enforcing NIS2 across France with formal notice procedures and audits. Essential entities face €10M fines. Complete guide to French NIS2 transposition, ANSSI audit expectations, and compliance steps for OSE and OSI entities.

How to Conduct a NIS2 Gap Analysis: Step-by-Step Readiness Assessment for 2026
NIS 2 · · 12 min read

How to Conduct a NIS2 Gap Analysis: Step-by-Step Readiness Assessment for 2026

Complete NIS2 gap analysis methodology with step-by-step instructions, free checklist template, and readiness scoring framework. Identify compliance gaps across all 10 Article 21 measures, incident reporting, governance, and supply chain security before your national authority does.

NIS2 Greece Compliance Guide: ENSI Authority, Maritime & Energy Sector Requirements, and What Greek Entities Must Do in 2026
NIS 2 · · 13 min read

NIS2 Greece Compliance Guide: ENSI Authority, Maritime & Energy Sector Requirements, and What Greek Entities Must Do in 2026

Complete guide to NIS2 compliance in Greece. Covers the ENSI (Εθνική Αρχή Κυβερνοασφάλειας) authority, entity classification, maritime fleet obligations, island energy infrastructure, GR-CSIRT incident reporting, penalties up to €10M, and the compliance roadmap for Greek entities.

NIS2 Hungary Multi-Authority Enforcement Guide: NBI Sectoral Oversight, NKH Coordination, and Cross-Authority Compliance for 2026
NIS 2 · · 18 min read

NIS2 Hungary Multi-Authority Enforcement Guide: NBI Sectoral Oversight, NKH Coordination, and Cross-Authority Compliance for 2026

Comprehensive guide to Hungary's multi-authority NIS2 enforcement model — covering NBI (National Security Authority) sectoral oversight for defence and security, NKH health sector coordination, cross-authority cooperation with SZTFH, interagency information-sharing frameworks, entity obligations across multiple regulators, and cyber insurance implications for Hungarian entities navigating the cooperative supervisory regime.

NIS2 Hungary Compliance Guide: Act LXIX of 2024, SZTFH Enforcement, and NKI Requirements for 2026
NIS 2 · · 15 min read

NIS2 Hungary Compliance Guide: Act LXIX of 2024, SZTFH Enforcement, and NKI Requirements for 2026

Complete guide to NIS2 compliance in Hungary — covering Act LXIX of 2024 on the Cybersecurity of Hungary, SZTFH enforcement, NKI incident reporting, entity classification, mandatory audit system, NIST-based risk classification, penalties, implementation timeline, and cyber insurance implications for Hungarian entities.

NIS2 Ireland Preparation Guide: National Cyber Security Bill, NCSC Ireland and CyFun Framework for 2026
NIS 2 · · 8 min read

NIS2 Ireland Preparation Guide: National Cyber Security Bill, NCSC Ireland and CyFun Framework for 2026

Complete guide to NIS2 preparation in Ireland. Covers the pending National Cyber Security Bill, NCSC Ireland authority, CyFun compliance framework adopted from Belgium, 15 Risk Management Measures, entity classification expectations, and what organizations should do now despite legislation not yet enacted.

NIS2 Italy: ACN Compliance Requirements, Enforcement Timeline, and What Italian Entities Must Do in 2026
NIS 2 · · 12 min read

NIS2 Italy: ACN Compliance Requirements, Enforcement Timeline, and What Italian Entities Must Do in 2026

Italy's Agenzia per la Cybersicurezza Nazionale (ACN) is enforcing NIS2 with surprise audits, dual-authority supervision, and personal liability for management. Essential entities face €10M fines. Complete guide to Italian NIS2 transposition, ACN registration, and compliance steps for Decree 138/2024.

NIS2 Malta Compliance Guide: MITA Competent Authority, NIS2 Implementing Regulations, and CSIRT-MT Incident Reporting for 2026
NIS 2 · · 18 min read

NIS2 Malta Compliance Guide: MITA Competent Authority, NIS2 Implementing Regulations, and CSIRT-MT Incident Reporting for 2026

Complete guide to NIS2 compliance in Malta — covering the NIS2 Implementing Regulations 2025 under the Malta Digital Innovation Authority Act, MITA as the competent authority and SPOC, CSIRT-MT incident reporting, entity classification tailored to Malta's small market, sector requirements, penalties, implementation timeline, and cyber insurance implications for Maltese entities.

NIS2 Netherlands Compliance Guide: NCSC-NL Requirements for Dutch Entities
NIS 2 · · 11 min read

NIS2 Netherlands Compliance Guide: NCSC-NL Requirements for Dutch Entities

Complete guide to NIS2 compliance in the Netherlands. Covers NCSC-NL enforcement, Uitvoeringswet cybersecurityrichtlijn implementation, sector-specific requirements, deadlines, penalties, and what Dutch entities must do now.

NIS2 Penalties Explained: Essential vs Important Entities and What They Mean for Coverage
NIS 2 · · 9 min read

NIS2 Penalties Explained: Essential vs Important Entities and What They Mean for Coverage

NIS2 fines range from €7M to €10M depending on entity classification. Understand essential vs important entity penalties and how compliance posture affects cyber insurance pricing.

NIS2 Poland Compliance Guide: Ustawa o Cyberbezpieczeństwie and NCSA Requirements for 2026
NIS 2 · · 13 min read

NIS2 Poland Compliance Guide: Ustawa o Cyberbezpieczeństwie and NCSA Requirements for 2026

Complete guide to NIS2 compliance in Poland — covering the amended Cybersecurity Act (Ustawa o cyberbezpieczeństwie), NCSA enforcement, entity classification under Polish law, sector requirements, penalties, and implementation timeline for Polish entities.

NIS2 Portugal Compliance Guide: Decree-Law 125/2025, CNCS Authority and Four-Tier Entity Framework for 2026
NIS 2 · · 8 min read

NIS2 Portugal Compliance Guide: Decree-Law 125/2025, CNCS Authority and Four-Tier Entity Framework for 2026

Complete guide to NIS2 compliance in Portugal. Covers Decree-Law 125/2025 (Regime Jurídico da Cibersegurança), CNCS authority, unique four-tier entity classification, mandatory cybersecurity officer appointment, 24-month delayed enforcement, penalties up to €10M, and key registration deadlines.

NIS2 Romania Compliance Guide: Romanian Cybersecurity Law and ANSI Requirements for 2026
NIS 2 · · 11 min read

NIS2 Romania Compliance Guide: Romanian Cybersecurity Law and ANSI Requirements for 2026

Complete guide to NIS2 compliance in Romania — covering the amended Cybersecurity Law (Legea 361/2018), ANSI enforcement, STS coordination, entity classification, sector requirements, penalties, and implementation timeline for Romanian entities.

NIS2 Slovakia Compliance Guide: Act on Cybersecurity Amendment, NBU Enforcement, and SK-CERT Incident Reporting for 2026
NIS 2 · · 20 min read

NIS2 Slovakia Compliance Guide: Act on Cybersecurity Amendment, NBU Enforcement, and SK-CERT Incident Reporting for 2026

Complete guide to NIS2 compliance in Slovakia — covering the amended Act on Cybersecurity (Zákon o kybernetickej bezpečnosti), NBU (National Security Authority) enforcement as the competent authority and SPOC, SK-CERT incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Slovak entities.

NIS2 Slovenia Compliance Guide: Cybersecurity Act (ZKV-1), URSIV Enforcement, and SI-CERT Incident Reporting for 2026
NIS 2 · · 18 min read

NIS2 Slovenia Compliance Guide: Cybersecurity Act (ZKV-1), URSIV Enforcement, and SI-CERT Incident Reporting for 2026

Complete guide to NIS2 compliance in Slovenia — covering the Cybersecurity Act (Zakon o kibernetski varnosti / ZKV-1), URSIV enforcement as the national competent authority, SI-CERT incident reporting operated by ARNES, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Slovenian entities.

NIS2 Spain: INCIBE Compliance Requirements, Enforcement Timeline, and What Spanish Entities Must Do in 2026
NIS 2 · · 13 min read

NIS2 Spain: INCIBE Compliance Requirements, Enforcement Timeline, and What Spanish Entities Must Do in 2026

INCIBE and CCN are enforcing NIS2 across Spain with sector-specific audits and registration mandates. Essential entities face €10M fines. Complete guide to Spanish NIS2 transposition, INCIBE oversight, and compliance steps for operators.

NIS2 Supply Chain Security Requirements: Third-Party Risk Management Guide for 2026
NIS 2 · · 10 min read

NIS2 Supply Chain Security Requirements: Third-Party Risk Management Guide for 2026

NIS2 Article 21 mandates supply chain security for all essential and important entities. Complete guide to third-party risk assessments, vendor security clauses, supply chain vulnerability monitoring, and compliance evidence — with free checklist and implementation templates.

NIS2 Sweden Compliance Guide: Cybersäkerhetslagen SFS 2025:1506, MCF Authority and Nordic Framework for 2026
NIS 2 · · 11 min read

NIS2 Sweden Compliance Guide: Cybersäkerhetslagen SFS 2025:1506, MCF Authority and Nordic Framework for 2026

Complete guide to NIS2 compliance in Sweden. Covers the Cybersäkerhetslagen (Cybersecurity Act SFS 2025:1506), MCF (formerly MSB) authority, CERT-SE incident reporting, entity classification, sector requirements, decentralized supervision model, penalties up to €10M, and the January 2026 entry into force.

NIS2 Underwriting Questions: What Every Cyber Insurance Broker Should Ask
NIS 2 · · 16 min read

NIS2 Underwriting Questions: What Every Cyber Insurance Broker Should Ask

Practical Line 1, Line 2, and Line 3 underwriting questions for NIS2-exposed clients. Essential vs important entities. Coverage gaps brokers should flag.

Pricing Blind: When You Can't See the Risk You're Insuring
Underwriting · · 5 min read

Pricing Blind: When You Can't See the Risk You're Insuring

Cyber underwriters are pricing policies based on questionnaires and self-reported data while the real attack surface stays hidden. Here is what you are missing and how to fix it.

Ransomware Claims in 2026: What the Data Tells Underwriters About Pricing Risk
Ransomware · · 5 min read

Ransomware Claims in 2026: What the Data Tells Underwriters About Pricing Risk

Ransomware claims frequency is shifting again in 2026. Here is what the latest data patterns mean for how underwriters price cyber risk, structure deductibles, and evaluate ransomware-specific endorsements.

Ransomware and Cyber Insurance: What Policies Actually Cover in 2026
Ransomware · · 7 min read

Ransomware and Cyber Insurance: What Policies Actually Cover in 2026

Cyber insurance policies are being rewritten in real-time as ransomware losses reshape the market. Here is what is covered, what is excluded, and what underwriters are demanding before they write the risk.

Ransomware Underwriting Models in 2026: From Flat Premiums to Dynamic Risk Pricing
Ransomware · · 6 min read

Ransomware Underwriting Models in 2026: From Flat Premiums to Dynamic Risk Pricing

Cyber underwriters still using flat ransomware pricing are leaving money on the table. Here is how leading insurers are building dynamic pricing models using threat intelligence, sector exposure, and real-time data.

Residual Risk Is Why Insurance Exists
Residual Risk · · 6 min read

Residual Risk Is Why Insurance Exists

Security reduces risk. It never eliminates it. The gap between what controls can achieve and what remains is residual risk — the entire reason cyber insurance exists. And it is the most under-discussed concept in the industry.

The Resilience Stack™: A Five-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack · · 12 min read

The Resilience Stack™: A Five-Layer Framework for Cyber Insurance Risk Assessment

Introducing The Resilience Stack™ — Resiliently's proprietary framework that maps the full cyber risk journey from external threats to insurance readiness, with free assessment tools at every layer.

Why SMBs Can't Afford Cyber Risk Quantification (And Why That's About to Change)
Cyber Risk Quantification · · 5 min read

Why SMBs Can't Afford Cyber Risk Quantification (And Why That's About to Change)

Safe Security costs $50k+/yr. Kovrr is enterprise-only. Axio requires dedicated risk analysts. Meanwhile, SMBs with €10M-€500M revenue are expected to quantify cyber risk for insurance submissions with none of these tools. Resiliently brings FAIR-aligned Monte Carlo simulation to SMBs at €49/month — with euro-denominated output that underwriters actually use.

Supply Chain Attack Loss Scenario: What Happens When Your Vendor Gets Compromised
Supply Chain · · 7 min read

Supply Chain Attack Loss Scenario: What Happens When Your Vendor Gets Compromised

A detailed walkthrough of a realistic supply chain cyber attack loss scenario — from initial compromise through business interruption, third-party claims, and insurance recovery. Essential reading for underwriters pricing vendor-dependent risks.

The Resilience Stack™: A 5-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack · · 21 min read

The Resilience Stack™: A 5-Layer Framework for Cyber Insurance Risk Assessment

Introducing the Resilience Stack™ — RESILIENTLY's proprietary framework for evaluating cyber risk across five layers: threat landscape, exposure surface, regulatory posture, financial impact, and insurance readiness.

Why Existing Attack Surface Tools Are Failing Insurance Brokers
Security Ratings · · 6 min read

Why Existing Attack Surface Tools Are Failing Insurance Brokers

SecurityScorecard charges $100K for vendor risk ratings that do not help brokers place coverage. Resiliently Broker Scorecard fills the gap - financial exposure estimates, underwriter-ready PDFs, and binding recommendations at EUR49/month.

Why Brokers Pay €49/mo Instead of $16,500/yr — The Attack Surface Management Pricing Revolution
Broker Tools · · 6 min read

Why Brokers Pay €49/mo Instead of $16,500/yr — The Attack Surface Management Pricing Revolution

SecurityScorecard starts at $16,500/year. UpGuard at $21,000. Assetnote at $230,000. Yet 70% of cyber insurance submissions are placed by independent brokers who can't justify that spend. Resiliently delivers hourly scanning + euro risk quantification for €49/month. Here's how the math works — and why it changes everything for the submission process.

Zurich's £8.1B Beazley Acquisition: What It Means for Cyber Insurance's Future
Cyber Insurance · · 6 min read

Zurich's £8.1B Beazley Acquisition: What It Means for Cyber Insurance's Future

Zurich Insurance just agreed to acquire Beazley for £8.1 billion — the largest cyber insurance deal in history. Here's what the acquisition means for brokers, underwriters, and the broader cyber risk market.

blog.featured

The Resilience Stack™: A Five-Layer Framework for Cyber Insurance Risk Assessment

Resilience Stack ·

12 min read

The Cyber Insurance Submission Crisis: 7 Reasons Brokers Can't Afford Manual Risk Assessments in 2026

Cyber Insurance ·

6 min read

Cyber Risk Quantification Tools 2026: The $50K Gap Between Free and Enterprise

Cyber Risk Quantification ·

4 min read

NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care

NIS 2 ·

4 min read

Premium Report

2026 Cyber Risk Landscape Report

24 pages of threat analysis, claims data, and underwriting implications for European cyber insurance.

View Reports →