Cyber-Risk Management: Technical and Insurance Controls for Enterprise-Level Security

Traditional approaches to security architecture and design have attempted to achieve the goal of the

elimination of risk factors-the complete prevention of system compromise through technical and

procedural means. Insurance-based solutions to risk long ago admitted that a complete elimination of

risk is impossible and, instead, have focused more on reducing the impact of harm through financial

avenues-providing policies that indemnify the policyholder in the event of harm.