Skip to main content
SpringerLink
Log in

Using Risk Assessments to Assess Insurability in the Context of Cyber Insurance

  • Conference paper
  • First Online:
E-Business and Telecommunications (ICETE 2017)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 990))

Included in the following conference series:

Abstract

In the current globalisation framework where electronic transactions and data sharing is a common activity, cyber-risks analysis, protection and avoidance have become a key aspect which must be book and prioritised on the business agenda in companies. Nevertheless, this issue is difficult to analyse given the dimension of the problem and the company units and individuals and infrastructures which are involved. In consequence, cyber-insurance is considered as the appropriate mean to avoid financial losses caused by information technologies infrastructures and procedures security breaches. This paper analyses and describes how costumers and their cyber-risks should be assessed by an insurance company in order to establish the company status and implement the required actions to fix the issue. This work describes the three phases required to complete a full cyber-risk assessment and the risks evaluation. Furthermore, the paper highlights the resources that the insurer should keep in its road-map to implement the risk assessment and, thus, to determine the company insurability, and the requirements to reach such condition. After the risk analysis completion at the customer’s premises, it must be evaluated subsequently at all levels. Among other factors, this evaluation is based on 63 question criteria. In the risk assessment criteria weights are not uniformly distributed and weighting is applied according to the relevance. In particular, criteria that should receive a special attention are referred to as showstoppers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aguilar, L.A.: Boards of directors, corporate governance and cyber-risks: sharpening the focus (2014). https://www.sec.gov/news/speech/2014-spch061014laa

  2. Anderson, R.: Why information security is hard - an economic perspective. In: Seventeenth Annual Computer Security Applications Conference, pp. 358–365 (2001). https://doi.org/10.1109/ACSAC.2001.991552

  3. BSI: Bundesamt für sicherheit in der informationstechnik (BSI), 2017. leitfaden zur basis-absicherung nach IT-Grundschutz (2017). https://www.bsi.bund.de

  4. Allianz Global Corporate & Specialty: Allianz risk barometer (2016). http://www.agcs.allianz.com/insights/white-papers-and-case-studies/allianz-risk-barometer-2016

  5. COSO: The committee of sponsoring organizations of the treadway commission (1992). https://www.coso.org/Pages/erm-integratedframework.aspx

  6. Eckert, C.: Concepts, Procedures and Protocols, DE GRUYTER OLDENBOURG (2014)

    Google Scholar 

  7. Foreman, P.: Vulnerability Management. CRC Press, Boca Raton (2009)

    Book  Google Scholar 

  8. ISACA: Cobit 5 framework (2012). https://www.isaca.org/COBIT/Pages/COBIT-5-Framework-product-page.aspx

  9. ISO: ISO/IEC 20000–1. Information technology – service management (2011). https://www.iso.org/standard/51986.html

  10. ISO: ISO/IEC 27001: Information technology - security techniques - information security management systems – requirements (2013). https://www.iso.org/standard/54534.html

  11. NIST: NIST 800–45: Guideline on electronic mail security (2007). https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-45ver2.pdf

  12. NIST: NIST 800–123: Guide to general server security (2008). https://nvlpubs.nist.gov/ nistpubs/ legacy/sp/nistspecialpublication800-123.pdf

  13. NIST: NIST 500–291: NIST cloud computing standards roadmap (2013). https://www.nist.gov/publications/nist-sp-500-291-nist-cloud-computing-standards-roadmap

  14. NIST: NIST 800–40: Guide to enterprise patch management technologies (2013). https://csrc.nist.gov/publications/detail/sp/800-40/rev-3/final

  15. NIST: NIST 800–53: Security and privacy controls for federal information systems and organizations (2013). https://nvd.nist.gov/800-53

  16. PCI Security Standards Council: Data security standard (2016). https://cayan.com/getattachment/Developers/Knowledge-Base/Documents-Samples/PCI-Documents/PCI-DSS-v3-2-AOC-Cayan-FINAL2.pdf

  17. Rausand, M., Høyland, A.: System Reliability Theory: Models, Statistical Methods, and Applications, Second Edition. Wiley, Hoboken (2004). https://doi.org/10.1002/9780470316900

    MATH  Google Scholar 

  18. Rausand, M.: Risk Assessment: Theory, Methods, and Applications. Wiley, New York (2011)

    Book  Google Scholar 

  19. Rolski, T., Schmidli, H., Schmidt, V., Teugels, J.: Stochastic processes for insurance and finance, p. 68 (2001)

    Google Scholar 

  20. Salter, C., Saydjari, O.S., Schneier, B., Wallner, J.: Toward a secure system engineering methodolgy. In: Proceedings of the 1998 Workshop on New Security Paradigms, NSPW 1998, pp. 2–10. ACM, New York (1998). https://doi.org/10.1145/310889.310900

  21. Turner II, B.L., et al.: Science and technology for sustainable development special feature: a framework for vulnerability analysis in sustainability science. Proc. Natl. Acad Sci. 100, 8074–8079 (2003)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Universidad Politecnica de Madrid, Ctra. Valencia. Km. 7, 28031, Madrid, Spain

    David Nicolas Bartolini & Cesar Benavente-Peces

  2. Hochschule Wismar, University of Applied Sciences - Technology, Business and Design, Philipp-Müller-Straße 14, 23966, Wismar, Germany

    Andreas Ahrens

Authors
  1. David Nicolas Bartolini
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Cesar Benavente-Peces
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andreas Ahrens
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Cesar Benavente-Peces .

Editor information

Editors and Affiliations

  1. University of Jordan, Amman, Jordan

    Mohammad S. Obaidat

  2. King Juan Carlos University, Madrid, Madrid, Spain

    Enrique Cabello

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bartolini, D.N., Benavente-Peces, C., Ahrens, A. (2019). Using Risk Assessments to Assess Insurability in the Context of Cyber Insurance. In: Obaidat, M., Cabello, E. (eds) E-Business and Telecommunications. ICETE 2017. Communications in Computer and Information Science, vol 990. Springer, Cham. https://doi.org/10.1007/978-3-030-11039-0_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-11039-0_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-11038-3

  • Online ISBN: 978-3-030-11039-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation