NIS2 and DORA: What Cyber Underwriters Need to Know
A practical breakdown of how the NIS2 Directive and DORA regulation affect cyber insurance underwriting in Europe.
The European regulatory landscape for cybersecurity is shifting fast. Two frameworks — NIS2 and DORA — are reshaping how organizations approach cyber resilience, and that has direct implications for how we underwrite cyber risk.
For a complete practitioner breakdown of the DORA ICT Risk Management Framework and specific underwriting questions per pillar, see our DORA ICT Risk Framework: What Underwriters Must Know.
What Changed with NIS2
The NIS2 Directive expanded scope significantly compared to its predecessor. More sectors, stricter requirements, and real enforcement teeth. For underwriters, this means the questions we ask during risk assessments need to evolve.
DORA and Financial Services
The Digital Operational Resilience Act targets financial entities specifically. It mandates ICT risk management frameworks, incident reporting, and third-party risk oversight. If you’re underwriting financial institutions in Europe, DORA compliance is now a baseline expectation.
For the complete breakdown of all five DORA ICT risk management pillars with specific underwriting questions per pillar, see our DORA ICT Risk Management Framework: Complete Practitioner Guide.
What This Means for Underwriting
These regulations create both risk and opportunity. Organizations that invest in compliance tend to have stronger security postures. But the transition period — where companies are still catching up — is where the exposure sits.
The key is asking the right questions during risk assessments and understanding where regulatory gaps translate to actual cyber risk. For a complete NIS2 compliance walkthrough with free tools, see our NIS2 Compliance Guide.
Go deeper with premium cyber risk reports
Professional-grade analysis, NIS2 compliance guides, and threat intelligence — used by underwriters across Europe.
Best Value
Pro Membership
€49 €19 /month
Founding member price — lock it in forever
Unlimited reports + tools + alerts
Subscribe Now → 30-day money-back
Secure via Stripe
Cancel anytime
Free NIS2 Compliance Checklist
Get the free 15-point PDF checklist + NIS2 compliance tips in your inbox.
Check your inbox! Your checklist download is on its way.
Something went wrong. Please try again.
No spam. Unsubscribe anytime. Privacy Policy
blog.featured
The Resilience Stack™: A Five-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack ·
12 min read
The Cyber Insurance Submission Crisis: 7 Reasons Brokers Can't Afford Manual Risk Assessments in 2026
Cyber Insurance ·
6 min read
Cyber Risk Quantification Tools 2026: The $50K Gap Between Free and Enterprise
Cyber Risk Quantification ·
4 min read
NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care
NIS 2 ·
4 min read
Premium Report
2026 Cyber Risk Landscape Report
24 pages of threat analysis, claims data, and underwriting implications for European cyber insurance.
View Reports →Verwandte Artikel
Agentic AI · · 8 min read
Agentic Security: What Underwriters Need to Know in 2026
Autonomous AI agents are entering production at scale — and they bring a completely new attack surface that traditional cyber insurance questionnaires weren't designed to capture.
AI Agents · · 9 min read
Living-Off-the-Land 2.0: How Autonomous AI Agents Are Weaponizing LOTL Tradecraft — And What It Means for Cyber Underwriting
The convergence of agentic AI and living-off-the-land attack techniques is collapsing three attacker constraints at once: cost, skill, and detectability. A deep analysis of demonstrated capabilities, real incidents, and the underwriting implications that should reshape your risk selection in 2026.
AI Ops · · 1 min read
How AI Is Changing Cyber Risk Assessment
A look at how AI and multi-agent systems are starting to transform the way we evaluate and underwrite cyber risk.