Does Insurance Have a Future in Governing Cybersecurity?

Cyber insurance could achieve public policy goals for cybersecurity using private-sector means. Insurers assess organizational security postures, prescribe security procedures and controls, and provide postincident services. We evaluate how such mechanisms impact security, identify market dynamics restricting their effectiveness, and sketch out possible futures for cyber insurance as governance.

[1]  Tyler Moore,et al.  The economics of cybersecurity: Principles and policy options , 2010, Int. J. Crit. Infrastructure Prot..

[2]  Ulrik Franke,et al.  The cyber insurance market in Sweden , 2017, Comput. Secur..

[3]  Sadie Creese,et al.  Analysing cyber-insurance claims to design harm-propagation trees , 2019, 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA).

[4]  Daniel W. Woods,et al.  The County Fair Cyber Loss Distribution: Drawing Inferences from Insurance Prices , 2019 .

[5]  Therese Jones,et al.  Content analysis of cyber insurance policies: how do carriers price cyber risk? , 2019, J. Cybersecur..

[6]  Rainer Böhme,et al.  Modeling Cyber-Insurance: Towards a Unifying Framework , 2010, WEIS.

[7]  Daniel W. Woods,et al.  Policy Measures and Cyber Insurance: A Framework , 2017 .

[8]  Markus Riek,et al.  A Fundamental Approach to Cyber Risk Analysis , 2018 .

[9]  Aaron Doyle,et al.  Insurance as governance , 2003 .

[10]  Bruce Schneier,et al.  Insurance and the computer industry , 2001, CACM.

[11]  Sadie Creese,et al.  Mapping the coverage of security controls in cyber insurance proposal forms , 2017, Journal of Internet Services and Applications.

[12]  Shauhin A. Talesh Data Breach, Privacy, and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses , 2018, Law & Social Inquiry.

[13]  Tyler Moore,et al.  Security Economics and European Policy , 2008, WEIS.

[14]  Andrea Coulson,et al.  Organized uncertainty: designing a world of risk management , 2008 .