The Evolution of Cyberinsurance

Cyberinsurance is a powerful tool to align market incentives toward improving Internet security. We trace the evolution of cyberinsurance from traditional insurance policies to early cyber-risk insurance policies to current comprehensive cyberinsurance products. We find that increasing Internet security risk in combination with the need for compliance with recent corporate legislation has contributed significantly to the demand for cyberinsurance. Cyberinsurance policies have become more comprehensive as insurers better understand the risk landscape and specific business needs. More specifically, cyberinsurers are addressing what used to be considered insurmountable problems (e.g., adverse selection/asymmetric information, moral hazard, etc.) that could lead to a failure of this market solution. Although some implementation issues remain, we suggest the future development of cyberinsurance will resolve these issues as evidenced by insurance solutions in other risk domains.

[1]  Walter S. Baer,et al.  Rewarding IT Security in the Marketplace , 2003 .

[2]  S. Shavell On Moral Hazard and Insurance , 1979 .

[3]  B. Clifford Neuman,et al.  Endorsements, licensing, and insurance for distributed system services , 1994, CCS '94.

[4]  Daniel E. Geer,et al.  Information security is information risk management , 2001, NSPW '01.

[5]  Jeffrey Kehne Encouraging Safety Through Insurance- Based Incentives: Financial Responsibility for Hazardous Wastes , 1986 .

[6]  J. Kesan,et al.  The Economic Case for Cyberinsurance , 2004 .

[7]  Hazel Glenn Beh,et al.  Physical Losses in Cyberspace , 2001 .

[8]  Paul Jones,et al.  Secrets and Lies: Digital Security in a Networked World , 2002 .

[9]  Earl L. Grinols,et al.  An exact measure of welfare change , 1991 .

[10]  Earl L. Grinols,et al.  A thorn in the lion's paw: Has britain paid too much for Common Market membership? , 1984 .

[11]  Dan Geer,et al.  Risk Management Is Still Where the Money Is , 2003, Computer.

[12]  P. Dasgupta,et al.  Equilibrium in Competitive Insurance Markets : An Essay on the Economics of Imperfect Information , 2007 .

[13]  R. Feenstra Advanced international trade : theory and evidence , 2004 .

[14]  I. Ehrlich,et al.  Market Insurance, Self-Insurance, and Self-Protection , 1972, Journal of Political Economy.

[15]  Srinivasan Raghunathan,et al.  Cyber Insurance and IT Security Investment: Impact of Interdependence Risk , 2005, WEIS.

[16]  Jay P. Kesan,et al.  Cybercrimes and Cyber-Attack: Technological, Economic and Law-Based Solutions , 2005 .

[17]  H. Kunreuther,et al.  You Only Die Once: Managing Discrete Interdependent Risks , 2003 .

[18]  Matthew Crane,et al.  International Liability in Cyberspace , 2001 .