ABSTRACT
A complementary way of dealing with cyber risks through risk transfer is emerging. This involves the use of cyber insurance products, which have been introduced in recent years by companies like AXA, Generali, or Allianz. The growing cyber threat landscape, coupled with the shortcomings of current Cybersecurity Risk Management frameworks and the unrealised potential of cyber insurance for risk management, underscore the need for new cybersecurity risk management approaches. The cybersecurity portfolio includes security controls, which are put in place by the organisation and consist of measures to prevent, protect against, and counter cyber attacks, including threat detection and response. Cyber insurance products are focused on commercial business at present. They can be offered as a standalone product or added on to an existing policy as part of a package. Insurers face a multitude of challenges—many stemming from the difficulty of accurately assessing cybersecurity risk—that inhibit the development and accurate pricing of cyber insurance products.
