Germany's Federal Financial Supervisory Authority (BaFin) has published findings from its third cyber insurance market survey, describing the sector as a volatile and rapidly evolving market. BaFin introduced a separate insurance class and dedicated reporting obligation for cyber risks as of the 2025 financial year, and flagged systemic accumulation risk — where one major incident could trigger widespread simultaneous losses globally — as its primary supervisory concern.
Germany's financial watchdog, the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), has surveyed domestic insurance companies on cyber insurance for the third time, publishing its findings and characterizing the sector as a notably volatile market. The survey reflects the growing weight BaFin places on cyber insurance as a critical pillar of Germany's economic resilience against escalating cyberattacks.
A major structural development is the formal creation of a separate insurance class for cyber risks. As of the 2025 financial year, a standalone reporting obligation now applies to cyber insurance under the German Insurance Reporting Regulation (BerVersV) for the first time domestically — aligning Germany with an EU-wide reporting requirement that has been in force since the 2023 financial year. This dedicated reporting structure gives BaFin far better visibility into premium volumes, loss ratios, claims trends, and coverage terms across the German market, which it needs given the limited historical claims experience data available for this relatively young line of business.
BaFin's primary supervisory concern centres on what it describes as accumulation risk: the danger that a single large-scale cyberattack — targeting critical infrastructure, a widely used software platform, or a major cloud provider — could simultaneously trigger claims across a very large number of insurers and policyholders. This is a fundamentally different risk profile from most traditional insurance lines, where losses are typically uncorrelated and geographically diversified. A single incident causing widespread losses on a global scale is precisely the scenario that makes cyber risk so challenging to price, reserve for, and reinsure.
The survey comes amid a broader BaFin regulatory agenda for 2026 that includes a circular issued in April confirming the legal permissibility of ransom insurance under German supervisory law, the expansion of BaFin's investigative and supervisory powers under the BRUBEG legislation effective March 31, 2026, and a proposed 9th revision of its Minimum Requirements for Risk Management (MaRisk) aimed at a more principles-based, proportionate approach. At the global level, Munich Re estimates the cyber insurance market reached approximately $15 billion in premiums in 2025, with growth projected to exceed 10% annually through 2030 — meaning the systemic concerns BaFin raises will only grow in importance as the market expands.
Key Points
- 1BaFin describes cyber insurance as a volatile, rapidly evolving market in its third sector survey
- 2A separate cyber insurance class with standalone reporting obligations applies from the 2025 financial year
- 3Systemic accumulation risk — one incident causing widespread simultaneous losses — is BaFin's primary concern
- 4The EU-level cyber insurance reporting obligation has applied since the 2023 financial year
- 5Munich Re estimates the global cyber insurance market reached approximately $15 billion in premiums in 2025
Why This Matters
Germany is Europe's largest economy and a major hub for industrial and corporate insurance. BaFin's formal cyber insurance reporting framework signals that European regulators treat digital risk with the same systemic seriousness as natural catastrophe risk. For global insurers and reinsurers writing cyber business, managing correlated accumulation risk is now a regulatory expectation. Businesses purchasing cyber cover in Germany and the EU should expect tighter underwriting, enhanced policy scrutiny, and pricing reviews as a result.
Original Source
BaFin (Federal Financial Supervisory Authority, Germany) ↗Related Stories
ANV Group to Acquire Open Lending for $3.15 Per Share in $3.15 All-Cash Tender Offer
June 16, 2026
Singapore MAS Enforces Digital Advertising Rules for Financial Institutions and Finfluencers
June 22, 2026
European Central Bank Raises Rates 25bps to 2.25% Deposit Rate Amid Middle East Inflation Pressures
June 11, 2026
WTW Acquires Redefind, Bringing Crypto Insurance Infrastructure to the World's Largest Advisory Broker
June 2, 2026
Daily Intelligence
The PolicyGlobal Daily Brief
Get the top 5 insurance and finance stories every morning, curated and verified by our editorial desk. No spam. Unsubscribe anytime.
Informational newsletter only. Not financial advice. Disclaimer