It is not a question whether or not your company will be attacked, but rather how often. If your protection plan is built solely around information systems and networks, your business processes and people may be more vulnerable than you think. Insurance covers the direct cost of fixing the damage, but not the loss of credibility. If you only deal with the consequences you may leave yourself vulnerable for further attacks. If you don’t know what has been stolen and how, it will be hard to fix things.