Conducting research into governance of cyber security patching in organizations as a member of the NWA THESEUS project. As part of this research I investigate existing legal frameworks and regulatory governance mechanisms on cyber security and data breach liability. Additionally, I will analyse the role of cyber insurance in current patching risk assessments and vulnerability response practices. These factors will then be considered alongside academic perspectives in order to determine what types of regulatory intervention are desirable and at what level of governance, to ultimately facilitate essential improvements to patching practices and prevent third-party damages. These findings will then be utilized to deliver recommendations to stakeholders and legislators to improve and incentivize patching, rather than regulating liability once damages occur, both at a national and EU level..