In the present technological age, where cyber-risk ranks alongside natural and man-made disasters and catastrophes – in terms of global economic loss – businesses and insurers alike are grappling with fundamental risk management issues concerning the quantification of cyber-risk, and the dilemma as to how best to mitigate this risk. To this end, the present research deals with data, analysis, and models with the aim of quantifying and understanding cyber-risk – often described as “holy grail” territory in the realm of cyber-insurance and IT security. Nonparametric severity models associated with cyber-related loss data – identified from several competing sources – and accompanying parametric large-loss components, are determined, and examined. Ultimately, in the context of analogous cyber-coverage, cyber-risk is quantified through various types and levels of risk adjustment for (pure-risk) increased limit factors, based on applications of actuarially founded aggregate loss models in the presence of various forms of correlation. By doing so, insight is gained into the nature and distribution of volatile severity risk, correlated aggregate loss, and associated pure-risk limit factors.