ABSTRACT

Rising digitalization in environments where manual and analog processes were previously essential not only leads to more agile decisions but also increases the danger of cyber-attacks, a danger not known in the analog world and therefore not a part of enterprise risk management. The new cyber risk analysis must be prioritized as a key topic on the corporate business agenda. Analyzing the dimension of this new threat to the business, the people involved and the structures put in place is difficult for each company. Specialized cyber risk engineers, who are confronted daily with the challenges of digital change and digital hazards, are in high demand and therefore very difficult for companies to recruit on the market. Access to these specialists, and to experts in cyber crisis management, by means of cyber insurance is a helpful tool. It makes it possible to obtain new impulses for adapting information technologies and security architecture, which help to reduce threatening cyber loss events, and to have such events settled by the insurance company through risk transfer. This chapter analyzes and describes how customers and their cyber risks are evaluated by cyber risk engineers at the insurance company to determine the inherent risk and describe the measures required to manage it. It describes the phases required to perform a full cyber risk assessment and highlights the security structures that companies need to implement to ensure insurability. This assessment is based, among other things, on an industrialized risk assessment approach, which successfully helps to scale overall risks accurately.