Fusion Risk Management's latest Enterprise Resilience Report reveals a widening gap between North American insurers and their global counterparts, raising questions around preparedness and regulatory alignment.

While regulation ranks as a top carrier priority globally, it falls lower for organizations in North America — signaling a potential disconnect that could leave insurers exposed in an increasingly volatile, interconnected risk landscape.

With this landscape in mind, PropertyCasualty360 recently reached out to Richard Cooper, Global Head of Market at Fusion. Here, Cooper shares his perspective on what this administrative disparity means for the insurance sector, why resilience efforts often remain siloed, and how insurance carriers can evolve from being compliance-driven to more integrated, real-time regulatory leadership that better reflects today's complex operating environment.

PC360: The Enterprise Resilience Report found that North American insurance organizations rank regulation as only the ninth most important resilience priority, compared to third globally. What do you think is driving this disparity?

Richard Cooper: The disparity largely comes down to how resilience is framed in North America versus globally.

In North America, many organizations are moving beyond viewing resilience as a compliance-driven program and instead treating it as a core business capability tied to financial performance and operational continuity. That shift means executives are prioritizing questions like financial exposure, service disruption impact, and decision speed during crises.

Globally, particularly in the UK and Europe, where frameworks like DORA have established more prescriptive, nationally defined resilience mandates, resilience is still more tightly linked to regulatory requirements, which elevates its importance in priority rankings.

In the U.S., regulation is more fragmented, it's state-dependent, and weighted toward cyber and data privacy rather than broader operational resilience, which means North American firms have had to build resilience driven by market necessity rather than mandate. That's actually producing a more commercially grounded, decision-centric model of resilience.

North American firms are reframing regulation as an outcome of strong resilience capability, not the starting point. As disruption becomes more systemic and interconnected, that broader, decision-centric view is what's pushing regulation lower on the list compared to global peers.

PC360: In your experience, how does the lower prioritization of regulation impact insurers' real-world readiness when disruptions occur?

Cooper: If regulation is deprioritized, resilience can still be a core business capability if the leaders choose to make it a focus. Otherwise, there is a risk of getting stuck in performative resilience: documentation, periodic testing, and compliance checklists. If this happens, the same core gaps persist: limited visibility into dependencies, slow manual triage, and an inability to answer critical questions in real time…. That directly affects response speed and decision quality during a disruption.

However, when regulation is deprioritized because resilience is being reframed as a decision and performance capability, readiness actually improves. This is where many leading North American insurers find themselves, building resilience not because a regulator demands it, but because the cost of disruption to their customer experience, revenue, and competitive position is simply too high.

Insurers that focus on modeling their enterprise, understanding dependency risk, and quantifying financial exposure are better equipped to respond in real time. They can identify impact faster, anticipate cascading effects, and make optimized decisions under pressure.

PC360: Compared to more regulation-driven markets in Europe, how are North American insurers falling behind, if at all, and in what ways are they ahead?

Cooper: North American insurers are not necessarily "falling behind." They're ahead in areas driven by market forces rather than regulation.

North American insurers have been at the forefront of digital transformation in how they interact with customers with digital-first distribution, real-time servicing, and seamless claims experiences. That competitive drive has built genuine technology and cyber resilience capability, because the cost of getting it wrong shows up immediately in customer attrition and revenue loss, not just a regulatory finding.

That same digital intensity, however, has also elevated the probability and impact of digital disruption — cyber incidents, third-party outages, and platform failures carry real consequences at scale. North American insurers recognize this, and the strongest are proactively building resilience as a competitive capability, not waiting for regulation to require it.

Where they lag compared to markets where regulation has matured faster, like the UK and Europe, is in formal operational resilience. For example, identifying and stress-testing critical third parties. US regulation is fragmented across states with no national operational resilience mandate, and where regulations are defined, they skew toward cyber and data privacy, not critical vendor relationships. As a result, many insurers have not fully identified or stress-tested their critical third parties, even though their business relies heavily on them.

PC360: To what extent should insurers move beyond a compliance mindset when it comes to regulation, and what does a more proactive resilience strategy look like in practice?

Cooper: In North America, where no single national resilience mandate exists, this is actually an opportunity. Firms that choose to build resilience as a business capability — rather than waiting for regulation to force the issue — can move faster and build something more genuinely effective than a compliance program ever would.

Resilience as a check-box exercise leaves a gap between what's reported and what can actually be executed in real time. Compliance should be viewed as a baseline outcome, not the objective. The real goal is the ability to protect financial performance and maintain critical services under stress, which requires a fundamentally different approach.

PC360: Looking ahead, what immediate steps could insurers take to strengthen their resilience posture, particularly in an environment that may not view regulation as a top priority?

Cooper: The most immediate step is to shift the starting point from compliance to exposure. Insurers should focus on identifying where they have un-quantified disruption risk today and translate that into potential financial and operational impact to prioritize what to mitigate first. Establishing that baseline is what creates urgency and direction for improvement.

From there, insurers need to move toward a more model-driven approach to resilience. That means building and maintaining a living view of their enterprise, enabling scenario modeling to understand what happens next in a disruption, and developing the ability to optimize response decisions based on real constraints.

Maura Keller is a Minnesota-based freelance writer and editor.
