Certified in Risk and Information Systems Control (CRISC) — Question 869

An organization's senior management is considering whether to acquire cyber insurance. Which of the following is the BEST way for the risk practitioner to enable management's decision?

Answer options

• A. Provide data on the number of risk events from the last year
• B. Conduct a SWOT analysis
• C. Report on recent losses experienced by industry peers
• D. Perform a cost-benefit analysis

Correct answer: D

Explanation

The correct answer is D, as a cost-benefit analysis provides a clear comparison of the potential costs of cyber insurance against the expected benefits, helping management make an informed decision. Options A, B, and C provide useful information but do not directly assess the financial implications necessary for making a decision on insurance.