Progress in managing cyber risk exposures is continuing, but are insurers doing enough to convince regulators that they understand what they're doing? Paul Walsh reports