How Insurers Can Strengthen Their Cyber Resilience with Zero Trust, Cloud Security and Modern E-Mail Protection
With NIS2 and DORA coming into force, insurers are facing a fundamental shift in expectations regarding cyber resilience. At the same time, attacks on the financial sector are becoming increasingly sophisticated. The result: security architectures must evolve to combine compliance, operational stability, and modern protection mechanisms. This is no longer optional – it is now essential for reliable business continuity.
Julian Keller, Senior Customer Success Manager at Open Systems, emphasizes that a sustainable, holistic and regulation-aligned security approach is key. This is precisely where Managed SASE delivers strategic value.
A regulatory environment demanding stronger cyber resilience
DORA introduces a comprehensive framework for managing digital risks across the financial sector. It establishes clear requirements for:
- structured ICT risk management
- consistent processes for handling security incidents
- regular resilience testing
- oversight of critical third-party service providers
- a formalized information-sharing process with authorities
NIS2 strengthens this framework. It increases personal accountability for executive teams, significantly tightens reporting obligations, and introduces substantially higher sanctions for non-compliance. For insurers, this creates a clear mandate: build stronger, auditable and more consistent security structures.
Where insurers stand today – and where gaps remain
Compared with banks, which have long operated under strict supervisory regimes, many insurers have not yet embedded security and compliance deeply into day-to-day operations. While policies are often in place, technical and operational resilience frequently lags behind – especially as cloud adoption and hybrid working models continue to expand.
A modern security architecture must therefore build resilience directly at the network layer.
SASE as the backbone of controlled and secure access
Secure Access Service Edge (SASE) combines networking services with integrated security controls into a unified, cloud-delivered platform. For insurers, this enables:
- Zero Trust Network Access (ZTNA): Every connection is verified based on user identity, device posture, and context – regardless of location. This ensures precise access control and supports regulatory compliance.
- Cloud Secure Web Gateway (cSWG): Central inspection of all web and cloud traffic enhances threat visibility and enables automated compliance reporting.
- Cloud Access Security Broker (CASB): Full visibility into SaaS applications and granular control over data flows ensure compliance with governance and data protection regulations.
Together, these components form a scalable and future-ready security foundation perfectly suited to the increasingly digital insurance landscape.
Why email security remains essential – even with SASE
Email attacks remain the top entry point for cyber criminals. Both DORA and NIS2 explicitly require effective safeguards against phishing and business email compromise (BEC). However, traditional SASE platforms typically do not include dedicated email security.
Without advanced filtering, domain and identity protection, and automated incident reporting, a critical layer of defense is missing. Robust email security is therefore indispensable for achieving full regulatory compliance.
Where implementation often fails
Insurers rarely struggle with the technology itself – the real challenge lies in proper integration and operation:
- Isolated tools without unified reporting
- Increased complexity and operational overhead
- Lack of change-management processes
- Introducing complex tools (e.g., CASB) too early without sufficient traffic data
- Inconsistent security policies across locations and business units
Managed SASE addresses these pain points by delivering proven best practices, minimizing misconfigurations and ensuring a consistent, well-orchestrated rollout.
Beyond compliance: Operational resilience in real incidents
True resilience goes beyond preventing attacks – it means restoring operations quickly after a successful breach. This requires:
- Centralized policies applied consistently across all environments
- Continuous 24/7 monitoring
- Rapid response to emerging threats
- Access to specialized expertise and threat intelligence
Managed SASE delivers exactly these capabilities and effectively acts as an extension of your internal teams.
Shared expertise strengthens security
Frameworks such as NIST CSF and ISO 27001 emphasize the role of collaboration and knowledge sharing in achieving strong cyber resilience. For insurers with complex requirements, access to expert communities and real-time threat intelligence is especially valuable.
Managed SASE teams provide this advantage by aggregating insights and experience from numerous customer environments, enabling insurers to react more quickly to new attack patterns.
Conclusion: Resilience requires consistent execution
Cyber resilience is an ongoing effort – not a one-time project. For insurers, this means:
- Anchoring Zero Trust across the organization
- Treating cloud security as a standard
- Fully integrating email security
- Relying on a Managed SASE model that unifies security, compliance and operational efficiency
This approach creates a future-ready security foundation that not only fulfils NIS2 and DORA but also strengthens long-term resilience against evolving cyber threats.
