Protecting enterprise systems against cyber threats is a strategic priority and a well-funded, highly analyzed process at most organizations. But as technological ecosystems grow beyond the four walls of the organization, there arise a number of gray areas, where it is not clear who is responsible for security and who bears the costs if there is a breach, an outage, a simple error or outright sabotage. Shadow IT, availability coverage by cloud-service providers and cyber insurance coverage are three of the most vexing and persistent blind spots for CIOs today.