Pricing and Investments in Internet Security: A Cyber-Insurance Perspective
Internet users such as individuals and organizations are subject to different
types of epidemic risks such as worms, viruses, spams, and botnets. To reduce
the probability of risk, an Internet user generally invests in traditional
security mechanisms like anti-virus and anti-spam software, sometimes also
known as self-defense mechanisms. However, such software does not completely
eliminate risk. Recent works have considered the problem of residual risk
elimination by proposing the idea of cyber-insurance. In this regard, an
important research problem is the analysis of optimal user self-defense
investments and cyber-insurance contracts under the Internet environment. In
this paper, we investigate two problems and their relationship: 1) analyzing
optimal self-defense investments in the Internet, under optimal cyber-insurance
coverage, where optimality is an insurer objective and 2) designing optimal
cyber-insurance contracts for Internet users, where a contract is a (premium,
coverage) pair
Evaluation of Cyber Insurance as a Risk Management Tool Providing Cyber-Security
Purpose – to clarify the characteristics of cyber risk and cyber insurance. More specifically, to
identify key parts of a cyber insurance contract and analyse the cyber insurance market.
Design/methodology/approach: methodologically this research paper concentrates on
analyses and study of scientific literature in order to provide the proper description and classification
of cyber risks. Also statistical data was collected and analysed to provide a cyber-risk insurance
market overview. Moreover, to prepare the underwriting methodology part in this paper, the scientific
literature deduction was used, to reach conclusions from collected information sources.
Findings: firstly, this research paper provides an explicit definition of a cyber-risk and cyber
insurance. In general, financial institutions and regulators of insurance market categorize cyber type
risks as a part of operational risk because it is related to technology and information assets. Therefore,
cyber risk is described as operational risk that affects technology assets, information, databases and
other sensitive online storage. According to guidelines provided in Solvency II and Basel II documents,
cyber risks can be put into four categories: technology and system failures, unsuccessful internal
processes, act of people, external processes. These four categories of potential cyber risks are
described particularly in this article. Secondly, a comprehensive cyber insurance market analysis is
provided in the article. According to AXA Insurance Solutions company, there were 170 insurers
offering cyber liability policies in 2017 and about 30 more new carriers joined the market in 2018.
According to Cyber Policy Inc., the top 5 cyber insurance carriers in the market are: AIG, Chubb,
Hiscox, Liberty Mutual, HSB. With the beginning of 2019, buyers are expected to keep pressuring
the insurance companies to deliver even more comprehensive services, more coverage options and
potential. In general, the cyber insurance market is supposed to remain stable, but the quality of policy
language should evolve together with other endorsements to the general cyber insurance policy. Thirdly,
the general guidelines for underwriting the cyber insurance coverage policy are provided within this
paper. In order to implement any form of risk reduction for cyber risk (also including insurance), the
company should first very clearly expose its potential vulnerabilities and weaknesses. Three types
of general internal company information can be marked out for preparing the cyber insurance
coverage background: IT related information; human resources; finance, internal audit, legal issues.
For the insurance company to better understand the company, the general business information is the most
important part. In order to extent the company’s disclosure to cyber threats and to better prepare the
solutions of insurance, this business profile information should be conducted very carefully. Prevention
is one of the most important factors of a cyber-risk insurance policy. Companies that are buying cyber
risk insurance may get access to pre-breach assessments, prevented suppliers or cybersecurity
information for this purpose.
Research limitations: this research paper concentrates on the European Union insurance
market and experience of the insurer located in the EU. Moreover, this field of research is very
unstable and changing very fast together with the continuous development of the IT services sector.
More studies and analyses should be made together with the changing environment of cyber security.
Practical implications: this research paper may serve not only for further studies and scientific
discussion. Moreover, it could be useful for the businesses as a valuable tool to better understand what
cyber insurance is, how to prepare for implementing cyber security policy in the company
Policy measures and cyber insurance: a framework
The role of the insurance industry in driving improvements in cyber security has
been identified as mutually beneficial for both insurers and policy-makers. To date,
there has been no consideration of the roles governments and the insurance industry
should pursue in support of this public–private partnership. This paper rectifies
this omission and presents a framework to help underpin such a partnership, giving
particular consideration to possible government interventions that might affect the
cyber insurance market. We have undertaken a qualitative analysis of reports published
by policy-making institutions and organisations working in the cyber insurance
domain; we have also conducted interviews with cyber insurance professionals.
Together, these constitute a stakeholder analysis upon which we build our framework.
In addition, we present a research roadmap to demonstrate how the ideas
described might be taken forward