An organisation’s exposure comes from network controls, information security management, sensitivity of data stored or processed, jurisdictions where the organisation is present, public profile, outsourcing activities, cyber response capability, business impact of network interruption etc. These factors enable organisations to assess their vulnerability. With cyber breach being more a question of when and not if, a capable insurer who has experience of dealing with cyber breaches whether from local or international players, and a track record of handling cyber claims, is the surest security against the financial consequences of a cyber breach.