Skip to content

Insurance Europe supports the EC’s plan to simplify cybersecurity regulations

Yana Keller
Yana Keller
2 min
Insurance Europe highlights several specific elements in the EC’s Omnibus proposal

Insurance Europe supports the European Commission’s plan to simplify cybersecurity regulations through its review of the Cybersecurity Act and the forthcoming digital omnibus simplification package.

The Commission stated that this initiative aims to reduce administrative burdens, simplify reporting rules, and promote a more business-friendly regulatory environment.

The review will prioritize the scope of the European Union Agency for Cybersecurity, the European Cybersecurity Framework, and address risks related to information and communications technology supply chains.

The trade group emphasized that simplifying regulatory requirements and removing duplication is necessary, especially as insurers now face additional compliance due to the enforcement of the Digital Operational Resilience Act (DORA).

Although DORA focuses specifically on the financial sector, insurers must also comply with rules such as the e-Privacy Directive and the Artificial Intelligence Act.

This creates overlapping obligations, particularly in relation to cyber incident reporting.

Insurance Europe pointed out that national cyber agencies introduce another layer of reporting complexity.

Insurers are often required to notify both a DORA supervisor and a national cybersecurity authority about the same incident. This duplication increases operational burdens and limits efficiency.

The group also urged the Commission to align local laws with EU-wide regulations. Fragmented requirements across jurisdictions force insurers to submit the same incident report multiple times, following different formats and deadlines.

Insurance Europe further recommended that the Commission avoid imposing sovereignty-based restrictions that would prevent insurers from selecting their preferred service providers.

Such restrictions could obstruct technological progress and raise expenses, particularly as insurers move operations to cloud platforms.

The group acknowledged the broader goal of strengthening digital sovereignty in Europe but stated that this topic should be addressed as a separate, long-term political matter at the EU level.

Cyber reputation risk events can cut shareholder value by 27%
Cyber reputation risk events can cut shareholder value by 27%
Reputation-related cyber incidents can reduce shareholder value by an average of 27%, according to Aon’s 2025 Global Cyber Risk Report
Aflac targeted by cybercriminal group as insurance sector faces ongoing attacks
Aflac targeted by cybercriminal group as insurance sector faces ongoing attacks
A sophisticated cybercrime group that has been targeting insurance companies launched an attack on Aflac
MetLife, in partnership with Aura, launched digital cyber safety tool for children
MetLife, in partnership with Aura, launched digital cyber safety tool for children
MetLife, in partnership with Aura, has launched a digital safety tool designed to help parents monitor and support their children’s online activity
Lloyd’s invested in cyber insurtech BreachBits
Lloyd’s invested in cyber insurtech BreachBits
Lloyd’s has invested in BreachBits, a cyber risk technology company founded by former US military cyber warfare professionals