I have implemented an ISO 27001 ISMS in an insurance company. Now they want to know whether they need any other cyber security framework to protect them from cyber threats, or whether the ISO 27001 ISMS framework is sufficient for them.
ISO 27001 provides a comprehensive approach to information security and cyber security, so an additional framework would be necessary only if:
there are legal requirements (e.g., laws, regulations, or contracts) demanding the implementation of another framework
there are needed controls that are not covered, or not properly covered, by the controls in Annex A (e.g., the NIST SP 800-53 publication also provides a family of 16 controls for the management of information security programs)
If you are not in any of the above-mentioned situations, ISO 27001 is sufficient to cover cybersecurity.
This article will provide you with a further explanation of NIST and cybersecurity: