Insurability of cyber fines: Navigating a complex and evolving risk landscape

The regulatory perimeter for cyber fines has expanded sharply, and the insurability of those fines has become a pressing concern for organizations across EMEA.

The Insurability of cyber fines report, jointly created by Aon and A&O Shearman, is a comprehensive view of the expanding sources of cyber fines across jurisdictions in EMEA, how regulatory enforcement is becoming more assertive, and how the insurability of cyber fines remains an uncertain, jurisdiction-specific issue.

As cyber incidents proliferate across every sector and jurisdiction, organizations face a rapidly evolving regulatory environment. Laws and frameworks such as the EU’s DORA (Digital Operational Resilience Act), the NIS2 Directive, and the UK’s forthcoming Cyber Security and Resilience Bill are driving a dependency on greater cyber resilience. 

But with these advances come increased fines and penalties for companies, executives, and board members who fail to ensure compliance.

Key findings at a glance

  • Regulatory reach is growing: The sources of cyber fines have expanded sharply, with enforcement becoming more assertive and multi-layered.
  • Insurability remains uncertain: Whether cyber fines can be insured is highly jurisdiction-specific. Many countries restrict or prohibit insurance for criminal or punitive administrative fines, and where cover is available, it is typically limited to what is “insurable by law,” excluding deliberate or gross negligence.
  • Non-monetary penalties are rising: Sanctions such as orders to cease processing, mandatory audits, operational suspensions, or license revocations can be as disruptive as financial penalties.
  • Boardroom accountability: Boards and senior management face heightened expectations for oversight, investment, and preparedness in cyber risk mitigation.

“As new cyber laws and regulations come into effect across EMEA, the insurability of cyber fines remains a complex, evolving issue. With enforcement expected to increase, understanding the legal context and insurance constraints is essential. Our joint report highlights the need for practical action and proactive collaboration between legal, risk, and insurance teams to navigate this challenging landscape.”

“The insurability of cyber fines remains an uncertain and jurisdiction-specific issue. This report highlights the importance of understanding local legal nuances, the need for close collaboration among legal, risk and insurance functions, and the imperative of staying ahead of regulatory developments.”

Why this report matters

The regulatory perimeter for cyber fines is expanding, enforcement is more assertive, and the insurability of fines is increasingly complex. Non-monetary penalties and heightened boardroom accountability add further layers of risk. Practical action and proactive collaboration between legal, risk, and insurance teams are essential to stay ahead.

Download the full report to discover:

  • Country-by-country analysis of insurability across EMEA
  • Practical recommendations for risk managers, in-house counsel, and insurance professionals
  • Insights on emerging regulatory trends and enforcement

Stay ahead of regulatory developments—request a copy of the Insurability of cyber fines report today.
