
Using Risk Assessments to Assess Insurability in the Context of Cyber Insurance

  • Conference paper
E-Business and Telecommunications (ICETE 2017)

Abstract

In the current globalised setting, where electronic transactions and data sharing are routine, the analysis, prevention and mitigation of cyber-risks have become a key item that must be recorded and prioritised on the business agenda of companies. Nevertheless, this issue is difficult to analyse given the dimension of the problem and the number of company units, individuals and infrastructures involved. Consequently, cyber-insurance is regarded as the appropriate means of avoiding the financial losses caused by security breaches in information technology infrastructures and procedures. This paper analyses and describes how customers and their cyber-risks should be assessed by an insurance company in order to establish the customer company's status and implement the actions required to fix the issues found. It describes the three phases required to complete a full cyber-risk assessment and the evaluation of the risks. Furthermore, the paper highlights the resources that the insurer should keep on its road-map to carry out the risk assessment and, thus, to determine the company's insurability and the requirements for reaching that condition. After the risk analysis has been completed at the customer's premises, it must subsequently be evaluated at all levels. Among other factors, this evaluation is based on 63 question criteria. The criteria weights in the risk assessment are not uniformly distributed; weights are assigned according to relevance. In particular, criteria that should receive special attention are referred to as showstoppers.
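As an added illustration (not code from the paper or its authors), the following Python sketch shows how a questionnaire with non-uniform weights and showstopper criteria can yield an insurability verdict together with the ordered list of requirements the customer must meet. The criteria, their weights and the 0.7 threshold are constructed assumptions for the example; they are not the paper's 63 questions or their weighting.

```python
"""Weighted questionnaire scoring with showstopper criteria.

Added illustration of the mechanism described in the abstract: criteria are
weighted by relevance rather than uniformly, and criteria flagged as
showstoppers block insurability regardless of the overall score.  The
criteria, weights and threshold below are constructed for the example; they
are not the paper's 63 questions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Criterion:
    id: str
    question: str
    weight: float            # relevance weight, > 0
    showstopper: bool = False


@dataclass
class Verdict:
    insurable: bool
    score: float             # weighted fraction of criteria met, 0.0 .. 1.0
    failed_showstoppers: list = field(default_factory=list)
    requirements: list = field(default_factory=list)   # what must be fixed


# Constructed sample criteria (assumption: not the paper's list).
CRITERIA = [
    Criterion("C01", "Offline, tested backups of critical data exist", 5.0, showstopper=True),
    Criterion("C02", "Remote access requires multi-factor authentication", 4.0, showstopper=True),
    Criterion("C03", "Security patches applied within a defined SLA", 4.0),
    Criterion("C04", "Network is segmented between office IT and servers", 3.0),
    Criterion("C05", "Incident response plan exists and was exercised", 3.0),
    Criterion("C06", "Staff receive phishing awareness training", 1.0),
]

THRESHOLD = 0.7   # assumed minimum weighted score for insurability


def assess(criteria, answers, threshold=THRESHOLD):
    """Return a Verdict for a questionnaire.

    `answers` maps criterion id -> True (met) / False (not met).  A missing
    answer is treated as "not met" so an incomplete questionnaire cannot pass.
    """
    total = sum(c.weight for c in criteria)
    met = sum(c.weight for c in criteria if answers.get(c.id, False))
    score = met / total if total else 0.0

    # A failed showstopper makes the customer uninsurable even if the
    # weighted score is above the threshold.
    failed_ss = [c.id for c in criteria
                 if c.showstopper and not answers.get(c.id, False)]

    # Requirements: every unmet criterion, showstoppers first, then by weight,
    # so the remediation roadmap handed to the customer is ordered by relevance.
    unmet = [c for c in criteria if not answers.get(c.id, False)]
    unmet.sort(key=lambda c: (not c.showstopper, -c.weight))
    requirements = [f"{c.id}: {c.question}" for c in unmet]

    insurable = score >= threshold and not failed_ss
    return Verdict(insurable, round(score, 4), failed_ss, requirements)


if __name__ == "__main__":
    # Constructed questionnaire: backups missing, everything else in place.
    sample = {"C01": False, "C02": True, "C03": True,
              "C04": True, "C05": True, "C06": True}
    v = assess(CRITERIA, sample)
    print(f"insurable={v.insurable} score={v.score} "
          f"showstoppers_failed={v.failed_showstoppers}")
    for r in v.requirements:
        print("  requirement:", r)
```

The sample run in the block scores 0.75, above the assumed threshold, yet the verdict is "not insurable" because the backup criterion is a showstopper; the requirements list tells the customer exactly what must change before reinsurance assessment.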




Corresponding author

Correspondence to Cesar Benavente-Peces .


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Bartolini, D.N., Benavente-Peces, C., Ahrens, A. (2019). Using Risk Assessments to Assess Insurability in the Context of Cyber Insurance. In: Obaidat, M., Cabello, E. (eds) E-Business and Telecommunications. ICETE 2017. Communications in Computer and Information Science, vol 990. Springer, Cham. https://doi.org/10.1007/978-3-030-11039-0_16

  • DOI: https://doi.org/10.1007/978-3-030-11039-0_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-11038-3

  • Online ISBN: 978-3-030-11039-0
