Certified in Risk and Information Systems Control (CRISC) — Question 1128

An organization wants to transfer risk by purchasing cyber insurance. Which of the following would be MOST important for the risk practitioner to communicate to senior management for contract negotiation purposes?

Answer options

• A. Cyber insurance industry benchmarking report
• B. Most recent IT audit report results
• C. Current annualized loss expectancy report
• D. Replacement cost of IT assets

Correct answer: C

Explanation

The correct answer is C because the current annualized loss expectancy report provides a quantifiable measure of potential losses due to cyber incidents, which is crucial for determining the appropriate level of coverage. The other options, while relevant, do not directly address the financial implications of risk that are critical in the context of insurance negotiations.