Recent high profile data breaches and cyber security incidents serve to highlight the potentially large monetary consequences to organizations due to cyber security events. The growing market for cyber risk insurance offers one possible avenue for organizations to manage this risk. However, a lack of traditional actuarial data makes it difficult to determine if a particular set of security practices are measurably effective predictors of future losses due to cyber events. The symposium, through a series of presentations, panels, and an interactive exercise, will explore some of these challenges and offer some ideas for a way forward.

Cyber risk insurance provides another tool in the risk management toolbox for an organization. Cyber security is a function of the effective identification and management of operational cyber security risks, similar to any other category of risk faced by an organization. Risk cannot be driven to zero. Rather, cyber risk management involves achieving an appropriate balance of protection, detection, and response capabilities, and then applying compensating measures to manage the residual risk to a level that is within organizational tolerances. Cyber risk insurance is one such mechanism available to organizations to manage their exposure to monetary losses due to residual cyber security risks.