Facing Uncertainty in Cyber Insurance Policies

  • Per Håkon MelandEmail author
  • Inger Anne Tøndel
  • Marie Moe
  • Fredrik Seehusen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10547)


Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative interview study in Norway reveals the main uncertainty factors for organisations that have little experience with the cyber insurance consideration process, and how they perceive the products, process and expected support in case of a cyber incident. These uncertainty factors can be reduced by being aware of typical coverage gaps, exclusions and loss types that are commonly found in cyber insurance products.


Cyber insurance Risk management Gap analysis Exclusions Coverage Negotiation 



This research has been performed as part of the inSecurance project funded by SINTEF Digital. We would like to thank the representatives from all the organisations that participated in the interviews for sharing their experiences with us, and discussions with representatives from brokers and insurance companies. A final gratitude to Professor Guttorm Sindre at NTNU for feedback and comments.


  1. 1.
    Association of British Insurers: Making sense of cyber insurance: a guide for SMEs. Technical report, ABO (2016)Google Scholar
  2. 2.
    Bandyopadhyay, T.: Organizational adoption of cyber insurance instruments in it security risk management: a modeling approach, Proceedings, P. 5 (2012)Google Scholar
  3. 3.
    Bandyopadhyay, T., Mookerjee, V.S., Rao, R.C.: Why IT managers don’t go for cyber-insurance products. Commun. ACM 52(11), 68–73 (2009)CrossRefGoogle Scholar
  4. 4.
    Bentz, T.: Negotiating key cyber exclusions. Insurance Day (2015).
  5. 5.
    Böhme, R., Schwartz, G.: Modeling cyber-insurance: towards a unifying framework. In: Workshop on the Economics in Information Security (WEIS) (2012)Google Scholar
  6. 6.
    Cambridge Centre for Risk Studies: Managing cyber insurance accumulation risk. Technical report, University of Cambridge (2016)Google Scholar
  7. 7.
    Cohn, C., Barlyn, S.: European, Asian companies short on cyber insurance before ransomware attack (2017).
  8. 8.
    CRIF: Cyber insurance and the terrorism exclusion (2014).
  9. 9.
    DG Justice and Consumers: Reform of EU data protection rules (2016).
  10. 10.
    Digital Single Market: Digital scoreboard (2016).
  11. 11.
    Dobie, G., Collins, S.: A guide to cyber risk - managing the impact of increasing interconnectivity. Technical report, Allianz (2015).
  12. 12.
  13. 13.
    Gordon, L.A., Loeb, M.P., Sohail, T.: A framework for using insurance for cyber-risk management. Commun. ACM 46(3), 81–85 (2003)CrossRefGoogle Scholar
  14. 14.
  15. 15.
    Hurtaud, S., Flamand, T., de la Vaissiere, L., Hounka, A.: Cyber insurance as one element of the cyber risk management strategy, February 2015.
  16. 16.
    Lloyd’s, Cambridge Centre for Risk Studies: Lloyds City Risk Index 2015–2025 (2015).
  17. 17.
    Maude, F.: The role of insurance in managing and mitigating the riske (2015).
  18. 18.
    Meland, P.H., Tøndel, I.A., Solhaug, B.: Mitigating risk with cyberinsurance. IEEE Secur. Priv. 13(6), 38–43 (2015)CrossRefGoogle Scholar
  19. 19.
    Nikolaeva, M., Rivet, M.: French central bank chief urges insurers to step up cyber risk coverage (2017).
  20. 20.
    Pain, L.D., Anchen, J., Bundt, M., Durand, E., Schmitt, M.: Cyber: In search of resilience in an interconnected world (2016).
  21. 21.
    Ponemon: Managing cyber security as a business risk: Cyber insurance in the digital age. Report, Ponemon Institute, August 2013.
  22. 22.
    National Protection and Programs Directorate: Cyber risk culture roundtable readout report. Technical report. U.S. Department of Homeland Security (2013)Google Scholar
  23. 23.
    National Protection and Programs Directorate: Cybersecurity insurance workshop readout report. Technical report. U.S. Department of Homeland Security (2012)Google Scholar
  24. 24.
    Romanosky, S.: Examining the costs and causes of cyber incidents. J. Cybersecur. 2(2), 121–135 (2016)Google Scholar
  25. 25.
    Siemens, R., Beck, D.: How to buy cyber insurance. Risk Manag. 59(8), 40 (2012)Google Scholar
  26. 26.
    Svanemyr, S.: Kontantene forsvinner i butikkene (Norwegian) (2016).
  27. 27.
    Swiss Re Institute: Cyber: getting to grips with a complex risk. Technical report, Swiss Re (2017).
  28. 28.
    World Economic Forum: The global risks report 2016, 11st edn. (2016).

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Per Håkon Meland
    • 1
    • 2
    Email author
  • Inger Anne Tøndel
    • 1
    • 2
  • Marie Moe
    • 2
  • Fredrik Seehusen
    • 2
  1. 1.Norwegian University of Science and TechnologyTrondheimNorway
  2. 2.SINTEF DigitalTrondheimNorway

Personalised recommendations