Skip to main content
SpringerLink
Log in

Facing Uncertainty in Cyber Insurance Policies

  • Conference paper
  • First Online:
Security and Trust Management (STM 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10547))

Included in the following conference series:

Abstract

Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative interview study in Norway reveals the main uncertainty factors for organisations that have little experience with the cyber insurance consideration process, and how they perceive the products, process and expected support in case of a cyber incident. These uncertainty factors can be reduced by being aware of typical coverage gaps, exclusions and loss types that are commonly found in cyber insurance products.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The dataset we have received from Advisen is dated November 2016 and contains 33023 world-wide cyber loss events. Romanosky has described the origins of this data in [24].

References

  1. Association of British Insurers: Making sense of cyber insurance: a guide for SMEs. Technical report, ABO (2016)

    Google Scholar 

  2. Bandyopadhyay, T.: Organizational adoption of cyber insurance instruments in it security risk management: a modeling approach, Proceedings, P. 5 (2012)

    Google Scholar 

  3. Bandyopadhyay, T., Mookerjee, V.S., Rao, R.C.: Why IT managers don’t go for cyber-insurance products. Commun. ACM 52(11), 68–73 (2009)

    Article  Google Scholar 

  4. Bentz, T.: Negotiating key cyber exclusions. Insurance Day (2015). https://www.insuranceday.com/news_analysis/legal_focus/negotiating-key-cyber-exclusions.htm

  5. Böhme, R., Schwartz, G.: Modeling cyber-insurance: towards a unifying framework. In: Workshop on the Economics in Information Security (WEIS) (2012)

    Google Scholar 

  6. Cambridge Centre for Risk Studies: Managing cyber insurance accumulation risk. Technical report, University of Cambridge (2016)

    Google Scholar 

  7. Cohn, C., Barlyn, S.: European, Asian companies short on cyber insurance before ransomware attack (2017). http://www.reuters.com/article/us-cyber-attack-insurance-idUSKCN18B00H

  8. CRIF: Cyber insurance and the terrorism exclusion (2014). http://www.cyberriskinsuranceforum.com/content/cyber-insurance-and-terrorism-exclusion

  9. DG Justice and Consumers: Reform of EU data protection rules (2016). http://ec.europa.eu/justice/data-protection/reform/index_en.htm

  10. Digital Single Market: Digital scoreboard (2016). https://ec.europa.eu/digital-single-market/digital-scoreboard

  11. Dobie, G., Collins, S.: A guide to cyber risk - managing the impact of increasing interconnectivity. Technical report, Allianz (2015). http://www.agcs.allianz.com/assets/PDFs/risk%20bulletins/CyberRiskGuide.pdf

  12. ENISA, Robinson, N.: Incentives and barriers of the cyber insurance market in Europe. Report 28th June 2012. http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/incentives-and-barriers-of-the-cyber-insurance-market-in-europe/at_download/fullReport

  13. Gordon, L.A., Loeb, M.P., Sohail, T.: A framework for using insurance for cyber-risk management. Commun. ACM 46(3), 81–85 (2003)

    Article  Google Scholar 

  14. Hiscox: The hiscox cyber readiness report (2017). https://www.hiscox.co.uk/cyber-readiness-report/docs/cyber-readiness-report-2017.pdf

  15. Hurtaud, S., Flamand, T., de la Vaissiere, L., Hounka, A.: Cyber insurance as one element of the cyber risk management strategy, February 2015. https://www2.deloitte.com/lu/en/pages/risk/articles/cyber-insurance-element-cyber-risk-management-strategy.html

  16. Lloyd’s, Cambridge Centre for Risk Studies: Lloyds City Risk Index 2015–2025 (2015). http://hwww.lloyds.com/cityriskindex/

  17. Maude, F.: The role of insurance in managing and mitigating the riske (2015). https://www.marsh.com/uk/insights/research/uk-cyber-security-role-of-insurance-in-managing-mitigating-risk.html

  18. Meland, P.H., Tøndel, I.A., Solhaug, B.: Mitigating risk with cyberinsurance. IEEE Secur. Priv. 13(6), 38–43 (2015)

    Article  Google Scholar 

  19. Nikolaeva, M., Rivet, M.: French central bank chief urges insurers to step up cyber risk coverage (2017). http://www.reuters.com/article/us-france-insurance-idUSKBN1591Q9

  20. Pain, L.D., Anchen, J., Bundt, M., Durand, E., Schmitt, M.: Cyber: In search of resilience in an interconnected world (2016). http://www.swissre.com/library/archive/Demand_for_cyber_insurance_on_the_rise_joint_Swiss_Re_IBM_study_shows.html

  21. Ponemon: Managing cyber security as a business risk: Cyber insurance in the digital age. Report, Ponemon Institute, August 2013. http://www.ponemon.org/blog/managing-cyber-security-as-a-business-risk-cyber-insurance-in-the-digital-age

  22. National Protection and Programs Directorate: Cyber risk culture roundtable readout report. Technical report. U.S. Department of Homeland Security (2013)

    Google Scholar 

  23. National Protection and Programs Directorate: Cybersecurity insurance workshop readout report. Technical report. U.S. Department of Homeland Security (2012)

    Google Scholar 

  24. Romanosky, S.: Examining the costs and causes of cyber incidents. J. Cybersecur. 2(2), 121–135 (2016)

    Google Scholar 

  25. Siemens, R., Beck, D.: How to buy cyber insurance. Risk Manag. 59(8), 40 (2012)

    Google Scholar 

  26. Svanemyr, S.: Kontantene forsvinner i butikkene (Norwegian) (2016). https://tinyurl.com/j7qaqe9

  27. Swiss Re Institute: Cyber: getting to grips with a complex risk. Technical report, Swiss Re (2017). http://www.swissre.com/library/sigma_01_2017_en.html

  28. World Economic Forum: The global risks report 2016, 11st edn. (2016). http://www3.weforum.org/docs/GRR/WEF_GRR16.pdf

Download references

Acknowledgments

This research has been performed as part of the inSecurance project funded by SINTEF Digital. We would like to thank the representatives from all the organisations that participated in the interviews for sharing their experiences with us, and discussions with representatives from brokers and insurance companies. A final gratitude to Professor Guttorm Sindre at NTNU for feedback and comments.

Author information

Authors and Affiliations

  1. Norwegian University of Science and Technology, Trondheim, Norway

    Per Håkon Meland & Inger Anne Tøndel

  2. SINTEF Digital, Trondheim, Norway

    Per Håkon Meland, Inger Anne Tøndel, Marie Moe & Fredrik Seehusen

Authors
  1. Per Håkon Meland
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Inger Anne Tøndel
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Marie Moe
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Fredrik Seehusen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Per Håkon Meland .

Editor information

Editors and Affiliations

  1. Università degli Studi di Milano, Crema, Italy

    Giovanni Livraga

  2. University of London, Egham, United Kingdom

    Chris Mitchell

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Meland, P.H., Tøndel, I.A., Moe, M., Seehusen, F. (2017). Facing Uncertainty in Cyber Insurance Policies. In: Livraga, G., Mitchell, C. (eds) Security and Trust Management. STM 2017. Lecture Notes in Computer Science(), vol 10547. Springer, Cham. https://doi.org/10.1007/978-3-319-68063-7_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-68063-7_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68062-0

  • Online ISBN: 978-3-319-68063-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation