The (re)insurance industry is faced with a growing risk related to the development of information technology (IT). This growth is creating an increasingly digitally interconnected world, with more and more dependence being placed on IT systems to manage processes. This is generating opportunities for new insurance products and coverages to directly address the risks that companies face. However, it is also changing the risk landscape of existing classes of business within non-life insurance, where there is inherent risk of loss as a result of IT events that cannot be excluded in policy wordings or that are changing the risk profile of traditional risks. This risk of losses to classes of business resulting from cyber as a peril is defined as non-affirmative cyber risk and is currently not very well understood by the market. In contract wordings, the market has remained relatively "silent" across most lines of business about potential losses resulting from IT-related events, either by not addressing the potential issue or by excluding it via exclusions. Some classes of business recognise the exposure by use of write-backs. Depending on the line of business, the approach will vary as to how best to turn any "silent" exposure into a known quantity, whether by robust exclusionary language, pricing or exposure monitoring. This paper proposes a framework to help insurance companies address the issue of non-affirmative cyber risk across their portfolios.