Simon Cartagena and Jasvir Grewal explain how insurers should be thinking about setting their cyber risk capital