Facing Uncertainty in Cyber Insurance Policies

  • Per Håkon Meland
  • Inger Anne Tøndel
  • Marie Moe
  • Fredrik Seehusen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10547)

Abstract

Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative interview study in Norway reveals the main uncertainty factors for organisations that have little experience with the cyber insurance consideration process, and how they perceive the products, process and expected support in case of a cyber incident. These uncertainty factors can be reduced by being aware of typical coverage gaps, exclusions and loss types that are commonly found in cyber insurance products.

Keywords

Cyber insurance Risk management Gap analysis Exclusions Coverage Negotiation 

References

  1. 1.
    Association of British Insurers: Making sense of cyber insurance: a guide for SMEs. Technical report, ABO (2016)Google Scholar
  2. 2.
    Bandyopadhyay, T.: Organizational adoption of cyber insurance instruments in it security risk management: a modeling approach, Proceedings, P. 5 (2012)Google Scholar
  3. 3.
    Bandyopadhyay, T., Mookerjee, V.S., Rao, R.C.: Why IT managers don’t go for cyber-insurance products. Commun. ACM 52(11), 68–73 (2009)CrossRefGoogle Scholar
  4. 4.
    Bentz, T.: Negotiating key cyber exclusions. Insurance Day (2015). https://www.insuranceday.com/news_analysis/legal_focus/negotiating-key-cyber-exclusions.htm
  5. 5.
    Böhme, R., Schwartz, G.: Modeling cyber-insurance: towards a unifying framework. In: Workshop on the Economics in Information Security (WEIS) (2012)Google Scholar
  6. 6.
    Cambridge Centre for Risk Studies: Managing cyber insurance accumulation risk. Technical report, University of Cambridge (2016)Google Scholar
  7. 7.
    Cohn, C., Barlyn, S.: European, Asian companies short on cyber insurance before ransomware attack (2017). http://www.reuters.com/article/us-cyber-attack-insurance-idUSKCN18B00H
  8. 8.
    CRIF: Cyber insurance and the terrorism exclusion (2014). http://www.cyberriskinsuranceforum.com/content/cyber-insurance-and-terrorism-exclusion
  9. 9.
    DG Justice and Consumers: Reform of EU data protection rules (2016). http://ec.europa.eu/justice/data-protection/reform/index_en.htm
  10. 10.
    Digital Single Market: Digital scoreboard (2016). https://ec.europa.eu/digital-single-market/digital-scoreboard
  11. 11.
    Dobie, G., Collins, S.: A guide to cyber risk - managing the impact of increasing interconnectivity. Technical report, Allianz (2015). http://www.agcs.allianz.com/assets/PDFs/risk%20bulletins/CyberRiskGuide.pdf
  12. 12.
  13. 13.
    Gordon, L.A., Loeb, M.P., Sohail, T.: A framework for using insurance for cyber-risk management. Commun. ACM 46(3), 81–85 (2003)CrossRefGoogle Scholar
  14. 14.
  15. 15.
    Hurtaud, S., Flamand, T., de la Vaissiere, L., Hounka, A.: Cyber insurance as one element of the cyber risk management strategy, February 2015. https://www2.deloitte.com/lu/en/pages/risk/articles/cyber-insurance-element-cyber-risk-management-strategy.html
  16. 16.
    Lloyd’s, Cambridge Centre for Risk Studies: Lloyds City Risk Index 2015–2025 (2015). http://hwww.lloyds.com/cityriskindex/
  17. 17.
    Maude, F.: The role of insurance in managing and mitigating the riske (2015). https://www.marsh.com/uk/insights/research/uk-cyber-security-role-of-insurance-in-managing-mitigating-risk.html
  18. 18.
    Meland, P.H., Tøndel, I.A., Solhaug, B.: Mitigating risk with cyberinsurance. IEEE Secur. Priv. 13(6), 38–43 (2015)CrossRefGoogle Scholar
  19. 19.
    Nikolaeva, M., Rivet, M.: French central bank chief urges insurers to step up cyber risk coverage (2017). http://www.reuters.com/article/us-france-insurance-idUSKBN1591Q9
  20. 20.
    Pain, L.D., Anchen, J., Bundt, M., Durand, E., Schmitt, M.: Cyber: In search of resilience in an interconnected world (2016). http://www.swissre.com/library/archive/Demand_for_cyber_insurance_on_the_rise_joint_Swiss_Re_IBM_study_shows.html
  21. 21.
    Ponemon: Managing cyber security as a business risk: Cyber insurance in the digital age. Report, Ponemon Institute, August 2013. http://www.ponemon.org/blog/managing-cyber-security-as-a-business-risk-cyber-insurance-in-the-digital-age
  22. 22.
    National Protection and Programs Directorate: Cyber risk culture roundtable readout report. Technical report. U.S. Department of Homeland Security (2013)Google Scholar
  23. 23.
    National Protection and Programs Directorate: Cybersecurity insurance workshop readout report. Technical report. U.S. Department of Homeland Security (2012)Google Scholar
  24. 24.
    Romanosky, S.: Examining the costs and causes of cyber incidents. J. Cybersecur. 2(2), 121–135 (2016)Google Scholar
  25. 25.
    Siemens, R., Beck, D.: How to buy cyber insurance. Risk Manag. 59(8), 40 (2012)Google Scholar
  26. 26.
    Svanemyr, S.: Kontantene forsvinner i butikkene (Norwegian) (2016). https://tinyurl.com/j7qaqe9
  27. 27.
    Swiss Re Institute: Cyber: getting to grips with a complex risk. Technical report, Swiss Re (2017). http://www.swissre.com/library/sigma_01_2017_en.html
  28. 28.
    World Economic Forum: The global risks report 2016, 11st edn. (2016). http://www3.weforum.org/docs/GRR/WEF_GRR16.pdf

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Per Håkon Meland
    • 1
    • 2
  • Inger Anne Tøndel
    • 1
    • 2
  • Marie Moe
    • 2
  • Fredrik Seehusen
    • 2
  1. 1.Norwegian University of Science and TechnologyTrondheimNorway
  2. 2.SINTEF DigitalTrondheimNorway

Personalised recommendations