Cyber risk assessment for insurability verification has been paid a lot of research interest as cyber insurance represents a new dynamic segment of market with considerable growth potential for insurers. As customer’s practices and processes consistently lead to the final overall result, customer's behaviour has to be described in detail. The aim of the present paper is to design an instrument (questionnaire) for customer’s cyber risk assessment in insurability verification. The method for building an instrument (questionnaire) is empirical research. Empirical research is based on use of empirical evidence. A questionnaire with 11 questions is proposed.


cyber risk management; cyber insurance; information security; data protection

Bartolini D., Ahrens A., Benavente-Peces, C.: Risk Assessment and Verification of Insurability. In: International Conference on Pervasive and Embedded Computing and Communication Systems (PECCS), Madrid (Spanien). 2017, 24–26.

Eckert C.: IT Security – Concepts, Procedures and Protocols. De Gruyter Oldenbourg, 2014.

Official Journal of the European Union: General Data Protection Regulation., 2016.

Meyers M., Harris S., a Campo Rössing: CISSP: Certified Information Systems Security Professional (mitp Professional) Broschiert, 9 März 2009.

ISACA, 2012, Cobit 5 Framework.

ISO 2013. ISO/IEC 27001: 2013. Information technology – Security techniques – Information security management systems – Requirements.

ISO 2015. Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud security services.

NIST 2008. NIST 800-123: Guide to General Server Security.

NIST 2013. NIST 800-40: Guide to Enterprise Patch Management Technologies.

NIST 2013. NIST 800-53: Security and Privacy Controls for Federal Information Systems and Organizations.

NIST 2013. NIST 500-291: NIST Cloud Computing Standards Roadmap.

Open Web Application Security Project (OWASP), 2017.

PCI/DSS, 2016. Payment Card Industry (PCI) Data Security Standard, v3.2.

Warren C., et. al.: Enterprise Information Security and Privacy, 2009, 193–199.


Bartolini, D. N., Ahrens, A., & Zascerinska, J. (1). INSTRUMENT DESIGN FOR CYBER RISK ASSESSMENT IN INSURABILITY VERIFICATION. Informatyka, Automatyka, Pomiary W Gospodarce I Ochronie Środowiska, 8(3), 7-10.

David Nicolas Bartolini
Universidad Politécnica de Madrid  Spain
Andreas Ahrens 
Hochschule Wismar, University of Applied Sciences, Technology, Business and Design  Germany
Jelena Zascerinska 
Hochschule Wismar, University of Applied Sciences, Technology, Business and Design  Germany