This is a study into organisations’ attitudes towards the cyber threat, the management control processes they have in place, and their understanding and use of cyber insurance as a means of risk transfer.