An organization's risk management and legal folks understand the language of insurance riders and exclusions, but no one is better equipped to understand and articulate an organization's information security system than the people who run it.
"The CIO is on the front lines in dealing with information systems and should know about actual and potential problems," said Eric Sinrod, a partner at San Francisco-based law firm Duane Morris.
IT managers can also assist with facilitating an accurate cost-benefit analysis. "It might cost the company less to recreate the data than it would be to pay for the insurance premium," he added.
An evolving process
Changing regulations and privacy laws also add to the complexity of cyber insurance coverage, which continues to evolve.
"This is still an education process for all parties and one size does not fit all," said Tse. Enterprises are encouraged to work with their brokers, study and understand the policies available in the market and apply it to their processes--"then they can find a policy that fits their needs."
IDG staff contributed to this article.
Sign up for CIO Asia eNewsletters.