When we started CRIF last year, US based publications [insurance and infosec] asked how CRIF could help a North American cyber liability market that was already 7-8 yrs old. 

 

I made the point that the US market is very much led by third-party policies [as defined in the UK] and that first / third party would predicate better risk management.