It appears that the external threats to an organization are increasing steadily, and may, in fact, be increasing more rapidly than is commonly reported. To combat cybercrime, a set of management procedures and an organizational framework for identifying, assessing and mitigating risks, is necessary. Rather than reacting to individual problems in an ad-hoc manner these fundamental activities allow an organization to deal with risks throughout the business. This set of activities constitutes risk management.
The optimal model to address the risks of internet security must combine technology, process and insurance. This Risk Management approach permits companies to address successfully a range of different risk exposures. In some cases, technical controls help address these threats; in others, procedural and audit controls must be implemented. Because these threats cannot be completely removed, however, Cyber – Risk insurance coverage represents an essential tool in providing such non-technical controls and a major innovation in the conception of risk management in general.