Potential Rating Indicators for Cyberinsurance: An Exploratory Qualitative Study

In this paper we present the results of an exploratory qualitative study with experts. The aim of the study was to identify potential rating variables that could be used to calculate a premium for Cyberinsurance coverages. For this purpose, we conducted semi-structured qualitative interviews with a sample of 36 experts from the DACH region. The gathered statements were consolidated and then reduced to a subset of indicators that are available and difficult to manipulate. The reduced set of indicators was presented again to the 36 experts, who ranked them according to their relative importance. We describe the results of this exploratory qualitative study and conclude by discussing the implications of our findings for both research and practice.
