An interesting overview of why corporate risk managers are being pushed to adopt a better cyber-risk posture and what role cyber-insurance can accurately play in mitigating cyber-risk. The key questions enterprises struggle with are of particular interest to board members as a basis of discussion with management: (a) What is at risk for our enterprise — is it business continuity? Will we experience denial of service or intellectual property theft? Do we hold consumer /financial /patient data?; (b) What is the probability of an event occurring?; and (c) What are the estimated damages?