Abstract
Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative interview study in Norway reveals the main uncertainty factors for organisations that have little experience with the cyber insurance consideration process, and how they perceive the products, process and expected support in case of a cyber incident. These uncertainty factors can be reduced by being aware of typical coverage gaps, exclusions and loss types that are commonly found in cyber insurance products.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The dataset we have received from Advisen is dated November 2016 and contains 33023 world-wide cyber loss events. Romanosky has described the origins of this data in [24].
References
Association of British Insurers: Making sense of cyber insurance: a guide for SMEs. Technical report, ABO (2016)
Bandyopadhyay, T.: Organizational adoption of cyber insurance instruments in it security risk management: a modeling approach, Proceedings, P. 5 (2012)
Bandyopadhyay, T., Mookerjee, V.S., Rao, R.C.: Why IT managers don’t go for cyber-insurance products. Commun. ACM 52(11), 68–73 (2009)
Bentz, T.: Negotiating key cyber exclusions. Insurance Day (2015). https://www.insuranceday.com/news_analysis/legal_focus/negotiating-key-cyber-exclusions.htm
Böhme, R., Schwartz, G.: Modeling cyber-insurance: towards a unifying framework. In: Workshop on the Economics in Information Security (WEIS) (2012)
Cambridge Centre for Risk Studies: Managing cyber insurance accumulation risk. Technical report, University of Cambridge (2016)
Cohn, C., Barlyn, S.: European, Asian companies short on cyber insurance before ransomware attack (2017). http://www.reuters.com/article/us-cyber-attack-insurance-idUSKCN18B00H
CRIF: Cyber insurance and the terrorism exclusion (2014). http://www.cyberriskinsuranceforum.com/content/cyber-insurance-and-terrorism-exclusion
DG Justice and Consumers: Reform of EU data protection rules (2016). http://ec.europa.eu/justice/data-protection/reform/index_en.htm
Digital Single Market: Digital scoreboard (2016). https://ec.europa.eu/digital-single-market/digital-scoreboard
Dobie, G., Collins, S.: A guide to cyber risk - managing the impact of increasing interconnectivity. Technical report, Allianz (2015). http://www.agcs.allianz.com/assets/PDFs/risk%20bulletins/CyberRiskGuide.pdf
ENISA, Robinson, N.: Incentives and barriers of the cyber insurance market in Europe. Report 28th June 2012. http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/incentives-and-barriers-of-the-cyber-insurance-market-in-europe/at_download/fullReport
Gordon, L.A., Loeb, M.P., Sohail, T.: A framework for using insurance for cyber-risk management. Commun. ACM 46(3), 81–85 (2003)
Hiscox: The hiscox cyber readiness report (2017). https://www.hiscox.co.uk/cyber-readiness-report/docs/cyber-readiness-report-2017.pdf
Hurtaud, S., Flamand, T., de la Vaissiere, L., Hounka, A.: Cyber insurance as one element of the cyber risk management strategy, February 2015. https://www2.deloitte.com/lu/en/pages/risk/articles/cyber-insurance-element-cyber-risk-management-strategy.html
Lloyd’s, Cambridge Centre for Risk Studies: Lloyds City Risk Index 2015–2025 (2015). http://hwww.lloyds.com/cityriskindex/
Maude, F.: The role of insurance in managing and mitigating the riske (2015). https://www.marsh.com/uk/insights/research/uk-cyber-security-role-of-insurance-in-managing-mitigating-risk.html
Meland, P.H., Tøndel, I.A., Solhaug, B.: Mitigating risk with cyberinsurance. IEEE Secur. Priv. 13(6), 38–43 (2015)
Nikolaeva, M., Rivet, M.: French central bank chief urges insurers to step up cyber risk coverage (2017). http://www.reuters.com/article/us-france-insurance-idUSKBN1591Q9
Pain, L.D., Anchen, J., Bundt, M., Durand, E., Schmitt, M.: Cyber: In search of resilience in an interconnected world (2016). http://www.swissre.com/library/archive/Demand_for_cyber_insurance_on_the_rise_joint_Swiss_Re_IBM_study_shows.html
Ponemon: Managing cyber security as a business risk: Cyber insurance in the digital age. Report, Ponemon Institute, August 2013. http://www.ponemon.org/blog/managing-cyber-security-as-a-business-risk-cyber-insurance-in-the-digital-age
National Protection and Programs Directorate: Cyber risk culture roundtable readout report. Technical report. U.S. Department of Homeland Security (2013)
National Protection and Programs Directorate: Cybersecurity insurance workshop readout report. Technical report. U.S. Department of Homeland Security (2012)
Romanosky, S.: Examining the costs and causes of cyber incidents. J. Cybersecur. 2(2), 121–135 (2016)
Siemens, R., Beck, D.: How to buy cyber insurance. Risk Manag. 59(8), 40 (2012)
Svanemyr, S.: Kontantene forsvinner i butikkene (Norwegian) (2016). https://tinyurl.com/j7qaqe9
Swiss Re Institute: Cyber: getting to grips with a complex risk. Technical report, Swiss Re (2017). http://www.swissre.com/library/sigma_01_2017_en.html
World Economic Forum: The global risks report 2016, 11st edn. (2016). http://www3.weforum.org/docs/GRR/WEF_GRR16.pdf
Acknowledgments
This research has been performed as part of the inSecurance project funded by SINTEF Digital. We would like to thank the representatives from all the organisations that participated in the interviews for sharing their experiences with us, and discussions with representatives from brokers and insurance companies. A final gratitude to Professor Guttorm Sindre at NTNU for feedback and comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Meland, P.H., Tøndel, I.A., Moe, M., Seehusen, F. (2017). Facing Uncertainty in Cyber Insurance Policies. In: Livraga, G., Mitchell, C. (eds) Security and Trust Management. STM 2017. Lecture Notes in Computer Science(), vol 10547. Springer, Cham. https://doi.org/10.1007/978-3-319-68063-7_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-68063-7_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68062-0
Online ISBN: 978-3-319-68063-7
eBook Packages: Computer ScienceComputer Science (R0)