Germany's Federal Financial Supervisory Authority (BaFin) has completed its third survey of the domestic cyber insurance market, introducing a separate insurance class for cyber risks and a dedicated reporting obligation for the 2025 financial year. BaFin identified systemic accumulation risk — the danger that a single large cyber event could trigger widespread simultaneous losses across many insurers — as its primary supervisory concern in this rapidly growing but volatile market.
Germany's financial regulator has intensified its scrutiny of the cyber insurance market, reflecting the growing importance the authority attaches to digital risk coverage as a pillar of economic resilience. The Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) conducted its third survey of insurance companies on cyber insurance, with findings published in late May 2026 highlighting both the market's rapid growth and its inherent volatility.
A significant structural development is the formal creation of a separate insurance class for cyber risks. As of the 2025 financial year, a standalone reporting obligation now applies to cyber insurance under the German Insurance Reporting Regulation (BerVersV) for the first time domestically — a step aligned with an EU-wide reporting requirement that has been in force since the 2023 financial year. This new reporting structure gives BaFin substantially improved visibility into premium volumes, loss ratios, claims trends, and coverage terms across the German cyber insurance market.
BaFin's foremost supervisory concern is what it describes as 'accumulation risk' — the danger that a single large-scale cyberattack targeting critical infrastructure, a widely used software platform, or a global cloud provider could simultaneously trigger claims across a very large number of insurers and policyholders at once. This risk profile differs fundamentally from most traditional insurance lines, where losses are typically uncorrelated. The regulator warns that the rapidly changing nature of cyber threats, combined with limited historical claims data, makes pricing and reserving especially challenging.
The BaFin survey comes within a broader regulatory context that includes the issuance of a circular in April 2026 confirming the legal permissibility of ransom insurance under German supervisory law, and the expansion of BaFin's supervisory powers under the BRUBEG legislation effective March 31, 2026. The findings echo concerns raised globally: Munich Re estimates the worldwide cyber insurance market reached approximately $15 billion in premiums in 2025, with growth projected to exceed 10% annually through 2030. For German businesses and insurers, BaFin's heightened oversight signals that cyber coverage terms, pricing, and underwriting criteria will face continued regulatory attention as the market matures.
Key Points
- 1BaFin completed its third cyber insurance market survey, published in late May 2026
- 2A separate insurance class for cyber risks now carries a standalone reporting obligation from the 2025 financial year
- 3BaFin identifies systemic accumulation risk as its primary supervisory concern in the cyber market
- 4Limited historical claims data and fast-evolving threats make pricing and reserving challenging
- 5Munich Re estimates the global cyber insurance market reached around $15 billion in 2025 premiums
Why This Matters
Germany is Europe's largest economy and a major hub for industrial and corporate insurance. BaFin's introduction of formal cyber reporting and a dedicated insurance class signals that European regulators treat digital risk with the same systemic seriousness as catastrophe risk. For global insurers and reinsurers writing cyber business, accumulation risk management is now a regulatory expectation. Businesses purchasing cyber insurance in Germany and the EU should anticipate enhanced policy scrutiny, pricing reviews, and tighter underwriting as regulators work to ensure the market remains resilient.
Original Source
BaFin (Federal Financial Supervisory Authority, Germany) ↗Related Stories
Global Cyber Insurance Market Heads Toward $33 Billion in 2026 as AI Reshapes Underwriting
June 18, 2026
Singapore MAS Tightens Digital Advertising Rules for Financial Institutions and Finfluencers
March 25, 2026
Germany's BaFin Warns of Volatile Cyber Insurance Market and Systemic Accumulation Risks
May 29, 2026
Singapore MAS Tightens Stablecoin Rules and Advances Tokenized CBDC Pilot in 2026 Digital Finance Push
June 18, 2026
Daily Intelligence
The PolicyGlobal Daily Brief
Get the top 5 insurance and finance stories every morning, curated and verified by our editorial desk. No spam. Unsubscribe anytime.
Informational newsletter only. Not financial advice. Disclaimer