ARTICLE
11 February 2026

Insurability Of Cyber Fines: Navigating A Complex And Evolving Risk Landscape

AO
A&O Shearman

Contributor

A&O Shearman logo
A&O Shearman was formed in 2024 via the merger of two historic firms, Allen & Overy and Shearman & Sterling. With nearly 4,000 lawyers globally, we are equally fluent in English law, U.S. law and the laws of the world’s most dynamic markets. This combination creates a new kind of law firm, one built to achieve unparalleled outcomes for our clients on their most complex, multijurisdictional matters – everywhere in the world. A firm that advises at the forefront of the forces changing the current of global business and that is unrivalled in its global strength. Our clients benefit from the collective experience of teams who work with many of the world’s most influential companies and institutions, and have a history of precedent-setting innovations. Together our lawyers advise more than a third of NYSE-listed businesses, a fifth of the NASDAQ and a notable proportion of the London Stock Exchange, the Euronext, Euronext Paris and the Tokyo and Hong Kong Stock Exchanges.
Explore Firm Details
The regulatory perimeter for cyber fines has expanded sharply, and the insurability of those fines has become a pressing concern for organizations across EMEA .
United States Insurance
Charlie Weston-Simons,Steven Hadwin,Dalila Korchane
+17 Authors
 Your Author LinkedIn Connections
Charlie Weston-Simons’s articles from A&O Shearman are most popular:
  • with Finance and Tax Executives
  • with readers working within the Insurance industries

The regulatory perimeter for cyber fines has expanded sharply, and the insurability of those fines has become a pressing concern for organizations across EMEA .

The Insurability of cyber fines report—jointly created by Aon and A&O Shearman is a comprehensive view of the expanding sources of cyber fines across jurisdictions in EMEA, how regulatory enforcement is becoming more assertive, and how the insurability of cyber fines remains an uncertain, jurisdiction specific issue.

As cyber incidents proliferate across every sector and jurisdiction, organizations face a rapidly evolving regulatory environment. Laws and frameworks such as the EU's DORA (Digital Operational Resilience Act), the NIS2 Directive, and the UK's forthcoming Cyber Security and Resilience Bill are driving a dependency on greater cyber resilience.

But with these advances come increased fines and penalties for companies, executives, and board members who fail to ensure compliance.

Key findings at a glance

  • Regulatory reach Is growing: The sources of cyber fines have expanded sharply, with enforcement becoming more assertive and multi-layered.
  • Insurability remains uncertain: Whether cyber fines can be insured is highly jurisdiction-specific. Many countries restrict or prohibit insurance for criminal or punitive administrative fines, and where cover is available, it is typically limited to what is "insurable by law," excluding deliberate or gross negligence.
  • Non-monetary penalties are rising: Sanctions such as orders to cease processing, mandatory audits, operational suspensions, or license revocations can be as disruptive as financial penalties.
  • Boardroom accountability: Boards and senior management face heightened expectations for oversight, investment, and preparedness in cyber risk mitigation.

Why this report matters

The regulatory perimeter for cyber fines is expanding, enforcement is more assertive, and the insurability of fines is increasingly complex. Non-monetary penalties and heightened boardroom accountability add further layers of risk. Practical action and proactive collaboration between legal, risk, and insurance teams are essential to stay ahead.

Download the full report to discover:

  • Country-by-country analysis of insurability across EMEA
  • Practical recommendations for risk managers, in-house counsel, and insurance professionals
  • Insights on emerging regulatory trends and enforcement

Stay ahead of regulatory developments—request a copy of the Insurability of cyber fines report today.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Charlie Weston-Simons
Charlie Weston-Simons
Photo of Steven Hadwin
Steven Hadwin
Photo of Laurie-Anne Ancenys
Laurie-Anne Ancenys
Photo of Dalila Korchane
Dalila Korchane
Photo of Hippolyte Marquetty
Hippolyte Marquetty
Photo of Nicole Wolters Ruckert
Nicole Wolters Ruckert
Photo of Thomas Declerck
Thomas Declerck
Photo of Peter Van Dyck
Peter Van Dyck
Photo of Catherine Di Lorenzo
Catherine Di Lorenzo
Photo of Catharina Glugla
Catharina Glugla
Photo of David Schmid
David Schmid
Photo of Piermaurizio Tafuni
Piermaurizio Tafuni
Photo of Francesca Corbinelli
Francesca Corbinelli
Photo of Laur Badin
Laur Badin
Photo of Justyna Ostrowska
Justyna Ostrowska
Photo of Umut Gürgey
Umut Gürgey
Photo of Marleen Huisman
Marleen Huisman
Photo of Clara Boxus
Clara Boxus
Photo of Andrea Lisnier
Andrea Lisnier
Photo of Tom Butcher
Tom Butcher
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More