Cyber-insurance will be an inevitability for all organisations.
However, executives should be clear on what level of cover they are
buying, what incidents they are getting cover for, and the costs and
impacts on the organisation that insurance cannot (or may not) cover.
An exploration into the feasibility of
cyber-insurance is likely to raise good questions about whether an
organisation has sufficient controls in place, as well as to what
degree the organisation is willing to self-insure. But these
questions, like the purchase of cyber-insurance, can only be
addressed by the business.