Germany's Federal Financial Supervisory Authority (BaFin) has published the results of its third cyber insurance market survey, describing a volatile and rapidly evolving market. A new standalone insurance class and dedicated reporting obligation for cyber insurance took effect for the 2025 financial year, with BaFin flagging systemic accumulation risk — where a single incident could cause widespread simultaneous losses — as its primary supervisory concern.
Germany's financial watchdog, the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), has released findings from its third survey of the domestic cyber insurance market, characterizing it as a volatile and fast-changing segment that demands heightened supervisory attention. The survey reflects the growing importance BaFin attaches to cyber insurance as a pillar of Germany's economic resilience against the rising tide of cyberattacks.
A significant structural development is the formal creation of a separate insurance class for cyber risks. As of the 2025 financial year, a standalone reporting obligation now applies to cyber insurance under the German Insurance Reporting Regulation (BerVersV) for the first time domestically — bringing Germany in line with an EU-wide reporting requirement that has been in force since the 2023 financial year. The dedicated reporting framework gives BaFin far greater visibility into premium volumes, loss ratios, claims trends, and policy terms across the German cyber insurance market.
BaFin's central supervisory concern is what it terms 'accumulation risk' — the danger that a single large-scale cyber event, such as an attack on widely used software, a major cloud provider, or critical infrastructure, could simultaneously trigger claims across a very large number of insurers and policyholders at once. This represents a fundamentally different risk profile from most traditional insurance lines, where losses are typically uncorrelated and geographically dispersed. The regulator emphasizes that the rapidly evolving threat landscape, combined with limited historical claims data, makes pricing and reserving for cyber risk especially challenging.
The survey forms part of BaFin's broader 2026 regulatory agenda, which has also included a circular confirming the legal permissibility of ransom insurance under German supervisory law, and an expansion of BaFin's investigative and supervisory powers under the BRUBEG legislation that came into force on March 31, 2026. Globally, Munich Re estimates the cyber insurance market reached approximately $15 billion in premiums in 2025 and projects average annual growth exceeding 10% through 2030, even as intense competition has put downward pressure on average premium rates in the near term.
Key Points
- 1BaFin's third cyber insurance survey describes a volatile, rapidly evolving market
- 2A separate cyber insurance class and reporting obligation took effect for the 2025 financial year
- 3Systemic accumulation risk — one incident causing widespread simultaneous losses — is the top supervisory concern
- 4The EU-level cyber insurance reporting obligation has been in force since the 2023 financial year
- 5Munich Re estimates the global cyber insurance market reached ~$15 billion in 2025 premiums
Why This Matters
Germany is Europe's largest economy and a major center for industrial and corporate insurance. BaFin's formal treatment of cyber insurance as a distinct, systemically significant class signals that European regulators now view digital risk with the same gravity as natural catastrophe risk. For businesses buying cyber coverage in Germany and across the EU, this means evolving policy terms, pricing reviews, and tighter underwriting. For global insurers and reinsurers, managing correlated, systemic cyber exposure at scale has become both a regulatory expectation and the defining underwriting challenge of the decade.
Original Source
BaFin (Federal Financial Supervisory Authority, Germany) ↗Related Stories
Global Cyber Insurance Market Heads Toward $33 Billion in 2026 as AI Reshapes Underwriting
June 18, 2026
Singapore MAS Tightens Digital Advertising Rules for Financial Institutions and Finfluencers
March 25, 2026
Singapore MAS Tightens Stablecoin Rules and Advances Tokenized CBDC Pilot in 2026 Digital Finance Push
June 18, 2026
ANV Group to Acquire Open Lending for $1.3 Billion in All-Cash Deal at 78% Premium
June 16, 2026
Daily Intelligence
The PolicyGlobal Daily Brief
Get the top 5 insurance and finance stories every morning, curated and verified by our editorial desk. No spam. Unsubscribe anytime.
Informational newsletter only. Not financial advice. Disclaimer