PRESS RELEASE
19 February 2026

A&O Shearman And Aon Publish Comprehensive Review Of The Insurability Of Cyber Fines Across Multiple Jurisdictions

AO
A&O Shearman

Contributor

A&O Shearman logo
A&O Shearman was formed in 2024 via the merger of two historic firms, Allen & Overy and Shearman & Sterling. With nearly 4,000 lawyers globally, we are equally fluent in English law, U.S. law and the laws of the world’s most dynamic markets. This combination creates a new kind of law firm, one built to achieve unparalleled outcomes for our clients on their most complex, multijurisdictional matters – everywhere in the world. A firm that advises at the forefront of the forces changing the current of global business and that is unrivalled in its global strength. Our clients benefit from the collective experience of teams who work with many of the world’s most influential companies and institutions, and have a history of precedent-setting innovations. Together our lawyers advise more than a third of NYSE-listed businesses, a fifth of the NASDAQ and a notable proportion of the London Stock Exchange, the Euronext, Euronext Paris and the Tokyo and Hong Kong Stock Exchanges.
Explore Firm Details
A&O Shearman and Aon have today published a report examining the insurability of regulatory fines arising from cyber incidents across multiple global jurisdictions.
United States

A&O Shearman and Aon have today published a report examining the insurability of regulatory fines arising from cyber incidents across multiple global jurisdictions. The insurability of cyber fines report provides essential guidance for risk managers, in-house counsel, and insurance professionals navigating an increasingly complex regulatory landscape.

Key findings

  • Overlapping regulatory regimes: Organisations are facing potential fines under multiple frameworks including GDPR (up to EUR20 million/4% turnover), NIS2 (up to EUR10m/2% turnover), DORA, and the Cyber Resilience Act (up to EUR15m/2.5% turnover).
  • Insurability varies by jurisdiction: In some countries, such as Finland and Portugal, cyber fines are explicitly uninsurable as a matter of public policy. In others, including England and Wales, Ireland, and the Netherlands, the legal position remains uncertain and untested by courts providing a challenging landscape for organisations operating across multiple jurisdictions.
  • Significant enforcement activity: Regulators are growing increasingly assertive in their pursuit of enforcement, with recent cases including Meta (EUR251m), Capita (GBP14m), Enel Energia (EUR79.1m), and Advanced Computer Software (GBP3.07m) serving as examples.
  • Increasing personal liability for boards: NIS2 and DORA have introduced direct liability for senior management, including potential management bans.
  • EU AI Act adds new exposure: With strict cybersecurity requirements for providers and deployers of high-risk AI systems, non-compliance could see fines of up to EUR35m or 7% of turnover levelled at businesses.

Practical action for organisations

The report identifies a number of actions businesses can take to mitigate their risks in this complex space, including:

  • jurisdictional risk mapping
  • preparation for non-monetary sanctions
  • compliance audits
  • strengthening policies and reporting frameworks.

About the report

The report covers regulatory developments across multiple jurisdictions including the UK, EU member states, Switzerland, Saudi Arabia, South Africa, Turkey, and the UAE.

Stay ahead of regulatory developments—request a copy of the Insurability of cyber fines report today.

Contributor

A&O Shearman logo
A&O Shearman was formed in 2024 via the merger of two historic firms, Allen & Overy and Shearman & Sterling. With nearly 4,000 lawyers globally, we are equally fluent in English law, U.S. law and the laws of the world’s most dynamic markets. This combination creates a new kind of law firm, one built to achieve unparalleled outcomes for our clients on their most complex, multijurisdictional matters – everywhere in the world. A firm that advises at the forefront of the forces changing the current of global business and that is unrivalled in its global strength. Our clients benefit from the collective experience of teams who work with many of the world’s most influential companies and institutions, and have a history of precedent-setting innovations. Together our lawyers advise more than a third of NYSE-listed businesses, a fifth of the NASDAQ and a notable proportion of the London Stock Exchange, the Euronext, Euronext Paris and the Tokyo and Hong Kong Stock Exchanges.
Explore Firm Details
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More