Titre manque

This document provides guidelines when considering purchasing cyber-insurance as a risk treatment option to manage the impact of a cyber-incident within the organization’s information security risk management framework, as well as leveraging the organization’s ISMS when sharing relevant data and information with an insurer.

This document gives guidelines for:

a) 

considering the purchase of cyber insurance as a risk treatment option to share cyber risks;

b) 

leveraging cyber insurance to assist in managing the impact of a cyber incident;

c) 

sharing of data and information between the insured and an insurer to support underwriting, monitoring and claims activities associated with a cyber insurance policy;

d) 

leveraging an ISMS when sharing relevant data and information with an insurer.

This document is applicable to organizations that intend to purchase cyber insurance, regardless of type, size or sector.