Airmic regularly carries out research, and publishes the results in the form of reports, guides and benchmarking documents.

Cyber risk and insurance: Perfecting governance


Airmic, McGill and Partners 7th June 2022


The aim of this Guide is to provide a toolkit to assist directors in understanding and keeping pace with the ever more complex cyber-related threats faced by the companies they serve. It takes the form of 12 questions designed to break a diverse set of issues down into a manageable series of topics:

  1. Assuming I have no particular background or experience in IT, what level of expertise with respect to cyber risk will be expected of me as a member of the board?
  2. As a prospective or newly appointed board member, how might I get comfort that the company’s cybersecurity systems are as robust as they need to be?
  3. Is there a board-level cybersecurity review blueprint or checklist I can use to ask the right questions, such as those set out in question 2?
  4. How might I be potentially liable if the company is the victim of a major cyberattack?
  5. There are a number of descriptions applied both to cyber-related dangers faced by companies and the means of protecting against them. These include cyber risk, cyberattack, cybersecurity and cyber resilience. They often seem to be used interchangeably – what do they all mean?
  6. What is the potential impact of a cybersecurity event to significant or public infrastructure/services if our company manages or operates these?
  7. What role should I as a board member play in cybersecurity and cyber resilience for the company?
  8. What is my role as a board member if my company experiences a cyber event?
  9. What does a cyber insurance policy cover?
  10. What does a cyber insurance policy not cover?
  11. How do I determine the right level of cyber insurance coverage for my company?
  12. Is cyber insurance the new 'D&O' as a necessary insurance purchase?