We live our lives hoping that we will never need to make claims on our insurance policies. Whether that is home, motor, life or phone, making a claim generally means something isn't how it should be. Ultimately, a policy is there to protect something of value to us, and as the world in which we live changes, the information you have and the systems you run your businesses on are valuable assets too - so is now the time to think about cyber insurance?
Peter O'Sullivan
Recent Posts
Outsourcing PCI DSS controls to third parties can hugely support a merchant's (or service provider's) PCI DSS compliance program and can be a great thing if you want to leverage any SAQ reduction criteria: you have fewer controls to complete yourself, which means lower costs and less complexity. That is always a good thing, BUT you must have a handle on service providers if you want to take this route.
Risk Assessment is a core feature of most modern security considerations, including the PCI DSS. Featuring as Requirement 12.2, it splits into two parts:
- There is a documented process resulting in a formal, documented analysis of risk.
- The process is performed at least annually (or upon significant change).
Unlike other areas of the PCI DSS, which are very prescriptive, this requirement on first reading doesn't really show much relationship to the rest of the PCI DSS, but don't be fooled.