Cyber risk and insurance: Perfecting governance

DOWNLOAD THE PUBLICATION HERE

The aim of this Guide is to provide a toolkit to assist directors in understanding and keeping pace with the ever more complex cyber-related threats faced by the companies they serve. It takes the form of 12 questions designed to break a diverse set of issues down into a manageable series of topics:

1. Assuming I have no particular background or experience in IT, what level of expertise with respect to cyber risk will be expected of me as a member of the board?
2. As a prospective or newly appointed board member, how might I get comfort that the company’s cybersecurity systems are as robust as they need to be?
3. Is there a board-level cybersecurity review blueprint or checklist I can use to ask the right questions, such as those set out in question 2?
4. How might I be potentially liable if the company is the victim of a major cyberattack?
5. There are a number of descriptions applied both to cyber-related dangers faced by companies and the means of protecting against them. These include cyber risk, cyberattack, cybersecurity and cyber resilience. They often seem to be used interchangeably – what do they all mean?
6. What is the potential impact of a cybersecurity event to significant or public infrastructure/services if our company manages or operates these?
7. What role should I as a board member play in cybersecurity and cyber resilience for the company?
8. What is my role as a board member if my company experiences a cyber event?
9. What does a cyber insurance policy cover?
10. What does a cyber insurance policy not cover?
11. How do I determine the right level of cyber insurance coverage for my company?
12. Is cyber insurance the new 'D&O' as a necessary insurance purchase?