TY - JOUR AB - Purpose This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.Design/methodology/approach The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries.Findings The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets.Practical implications Some policy lessons for different stakeholders are identified.Originality/value Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR. VL - 28 IS - 1 SN - 2056-4961 DO - 10.1108/ICS-01-2019-0012 UR - https://doi.org/10.1108/ICS-01-2019-0012 AU - Bahşi Hayretdin AU - Franke Ulrik AU - Friberg Even Langfeldt PY - 2019 Y1 - 2019/01/01 TI - The cyber-insurance market in Norway T2 - Information & Computer Security PB - Emerald Publishing Limited SP - 54 EP - 67 Y2 - 2024/03/28 ER -