Search results
1 – 10 of over 1000Călin Mihail Rangu, Leonardo Badea, Mircea Constantin Scheau, Larisa Găbudeanu, Iulian Panait and Valentin Radu
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented…
Abstract
Purpose
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.
Design/methodology/approach
The authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.
Findings
The study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.
Research limitations/implications
This research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.
Practical implications
Proposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.
Originality/value
The study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.
Details
Keywords
Yen-Chih Chen and Yin-Yee Leong
Given the continuing growth in both the complexity and severity of cyber risk, a fundamental rethink of cyber risk management has become an issue of paramount importance…
Abstract
Given the continuing growth in both the complexity and severity of cyber risk, a fundamental rethink of cyber risk management has become an issue of paramount importance, particularly as insurance firms are now providing both cyber risk management services and cyber risk insurance coverage. In this study, we set out to provide analyses of the prevailing cyber risk levels in various industries using the “Chronology of Data Breaches” database and then go on to assess the overall benefits of cyber risk insurance coverage. Our results reveal that compared to other industries, insurance firms exhibit superior cyber risk management. Regardless of internal and external cyber risk, insurance companies retain the lowest cyber losses. We further provide evidence to show that cyber risk insurance policies alone cannot effectively cover the potentially extreme cyber risk losses for most industries. However, the situation can be improved by implementing cyber risk management services provided by insurance firms. Insurance firms may need to provide an efficient cyber risk management system to lower the frequency and severity of extreme events.
Details
Keywords
Previous studies generally focused on the definition of cybercrime and its effect on the market. Following Kesan’s study, this paper aims to analyse the relationship between cyber…
Abstract
Purpose
Previous studies generally focused on the definition of cybercrime and its effect on the market. Following Kesan’s study, this paper aims to analyse the relationship between cyber insurance and social welfare and compare it among three countries, namely, USA, UK and Turkey. The paper also discusses the main obstacles that the cyber insurer has to deal with and its effect on social welfare. This paper answers two questions related to cyber insurance at an aggregate level. First, “what kind of contribution does cyber insurance make to social welfare?” Second,“What kind of problems do insurers and insured have to face?” Although the findings are similar to Kesan’s study, this study gives an opportunity to make a country-based study and interpret the results with a different perspective.
Design/methodology/approach
The calculation of utility is also important for interpreting social welfare in the market. Consumer behaviour under uncertainty constructs the background for this paper because the risks of malicious attacks are contingent and independent, which means that consumers have to make their decisions under uncertainty. Von-Neumann-Morgenstern utility function is used for interpreting consumer’s behaviour.
Findings
Basically, there are two important conclusions that can derive for cyber insurance. First, cyber insurance can be defined as a higher security investment when coupled with increased levels of safety and a robust IT infrastructure. Second, cyber insurance, as a high-security investment, would have a positive impact on social welfare by making the internet safer for all users. The results show that the problems that lead to market failure can be virtually eliminated with an accurate risk assessment that leads to appropriate premium levels for insured. These results are consistent with those of study by Kesan et al. (2006).
Research limitations/implications
Data availability for different industries have limited the ability to compare the impact of cyber-crime to different sectors.
Originality/value
Technological devices have become part of our daily life. Although they have brought us increasing access to all types of information, including opportunities for business, they have also increased the risk of malicious attacks and the risk of e-crime. By replicating the economic model used by Kesan et al. (2006), social welfare losses and insurance premiums are calculated for three countries: USA, UK and Turkey. Questions pertaining to contribution of cyber insurance to social welfare and problems faced by insurers and insured are addressed.
Details
Keywords
Martin Eling and Werner Schnell
This paper aims to provide an overview of the main research topics in the emerging fields of cyber risk and cyber risk insurance. The paper also illustrates future research…
Abstract
Purpose
This paper aims to provide an overview of the main research topics in the emerging fields of cyber risk and cyber risk insurance. The paper also illustrates future research directions, from both academic and practical points of view.
Design/methodology/approach
The authors conduct a literature review on cyber risk and cyber risk insurance using a standardized search and identification process that has been used in various academic articles. Based upon this selection process, a database of 209 papers is created. The main research results findings are extracted and organized in seven clusters.
Findings
The results illustrate the immense difficulties to insure cyber risk, especially due to a lack of data and modelling approaches, the risk of change and incalculable accumulation risks. The authors discuss various ways to overcome these insurability limitations, such as mandatory reporting requirements, pooling of data or public–private partnerships in which the government covers parts of the risk.
Originality/value
Despite its increasing relevance for businesses at present, research on cyber risk is limited. Many papers can be found in the IT domain, but relatively little research has been done in the business and economics literature. The authors illustrate where research stands currently and outline directions for future research.
Details
Keywords
Haitham Nobanee, Ahmad Yuosef Alodat, Mehroz Nida Dilshad, Alaa El Sayah, Sondos Nezam Alas’ad, Baraa Omar Al Shalabi, Sara Fadel Alsadi, Noora Mohammed Al Marri and Farzin Kamal Fiza
This study aims to examine the research output on cyber insurance from 2002 to 2021 through an extensive bibliometric analysis. It examines the cyber insurance resources and how…
Abstract
Purpose
This study aims to examine the research output on cyber insurance from 2002 to 2021 through an extensive bibliometric analysis. It examines the cyber insurance resources and how the process of cyber insurance works.
Design/methodology/approach
This paper uses Scopus and VOSviewer to analyze cyber insurance papers. Using 503 papers from Scopus, this paper enhances the understanding of cyber insurance through collaborative network maps of experts and researchers.
Findings
The study comprehensively evaluates the development of cyber research. The results show that the number of research articles on cyber insurance has significantly increased since 2009.
Practical implications
The study's results offer practical implications for researchers to gain knowledge on the latest trends and developments in the domain. In addition, the study highlights the significance of cyber insurance in mitigating financial risks linked to cyberattacks, potentially boosting the investment of more organizations in such policies. Furthermore, practitioners can enhance their understanding of the various types of cyber insurance policies and their coverage.
Originality/value
Our results are likely to encourage practitioners, computer scientists, auditors, accountants and lawyers to contribute further to corporate strategies, data analytics and business operations to mitigate cyber risk consequences. In addition, understanding regarding the cyber insurance concept formed between experts and researchers is limited. This paper fills this gap by evaluating and identifying the development of cyber insurance literature.
Details
Keywords
Hayretdin Bahşi, Ulrik Franke and Even Langfeldt Friberg
This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.
Abstract
Purpose
This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.
Design/methodology/approach
The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries.
Findings
The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets.
Practical implications
Some policy lessons for different stakeholders are identified.
Originality/value
Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.
Details
Keywords
Kuldeep Singh Kaswan, Jagjit Singh Dhatterwal, Sanjay Kumar and Sandeep Lal
Purpose: A cyber insurance policy’s purpose is to help in the recovering of a person or corporation following a cyber breach and to compensate for civil suit expenses stemming…
Abstract
Purpose: A cyber insurance policy’s purpose is to help in the recovering of a person or corporation following a cyber breach and to compensate for civil suit expenses stemming from first- and third-party responsibility claims.
Methodology: The usage of cybersecurity spending has forecast a variety of security categories using F&S projection methodology. Each of these is suited to the end-user organisations of in-scope security mechanisms, as well as the particular market circumstances. Critical national infrastructure (CNI), immigration control, big events, first responding, executive branch, infrastructure, and transportation security are among the worldwide forecast categories. This segmentation is further subdivided into 16 subsegments, each with its own security forecasting system. F&S protection marketplaces are anticipated using a bottom-up technique for each nation, which adds up to worldwide market penetration. This covers 177 nations spread throughout seven zones.
Findings: The cybersecurity insurer industry was valued at USD 7.36 billion in 2020 and is predicted to be worth USD 27.83 billion by 2026, growing at a compound annual growth rate (CAGR) of 24.30% during the forecast time frame (2021–2026). The expanding use of digitalisation innovations such as the cloud, big data, mobile computing, internet of things (IoT), and artificial intelligence (AI) across more lines of employment and society, as well as improved connectivity, have enhanced the burden of already overburdened information technology (IT) staff.
Practical implications: Accepted the innovative Insurance Data Security Model Law (#668), which necessitates insurance providers and other agencies registered by government insurance agencies to advance, integrate, and establish an information security management system; start investigating any cybersecurity events; and advise the private insurance superintendent of such happenings. Too far, the approach has been embraced by governorates.
Details
Keywords
However, pricing these policies is tough due to incomplete modelling data about the frequency and cost of breaches, and uncertainty about the scale and interconnectedness of cyber…
Details
DOI: 10.1108/OXAN-DB276226
ISSN: 2633-304X
Keywords
Geographic
Topical
This paper aims to present the case of an Italian SME in the domain of insurance and how it approached its own digital transformation. Together with the founders of the SME, the…
Abstract
Purpose
This paper aims to present the case of an Italian SME in the domain of insurance and how it approached its own digital transformation. Together with the founders of the SME, the author investigated the digital trends the company should adopt and identified where to intervene in the value chain of the company with new technologies available in the market. The research was focused on the following three sub-domains: a strategy for adoption of innovative digital solutions to improve the everyday operations of the company, platform connecting the company with the customers and analysis of cyber insurance policies to include in the portfolio of the company.
Design/methodology/approach
For the part on strategy for adoption of innovative digital solutions, the author performed literature review; for the part in which the study ideates new solution to better connect the company with the customers, the author relied on design thinking, creative facilitation and prototyping; and for the part on cyber insurance policies to include the portfolio, the author relied on data available from other insurance companies the SME collaborates with.
Findings
This paper presented the analysis on how an insurance SME can embrace digital innovation (via internal innovation, buying from startups, partnering with startups or investing in startups), how an SME can do internal innovation and come up with a simple tool to bring closer the insurers and their customers and types of new cyber risk policies to include in the portfolio to respond to the growing demand for cyber risk insurance. This paper provides useful insights and lessons learned from companies of similar size in the domain of insurance and discusses future extensions of inquiry.
Originality/value
Big insurance companies and incumbent for their digitization efforts rely on the freshly created InsurTechs wave of companies. In this paper, the author analyzes what small- and medium-sized insurance enterprises can do in this respect and showcases the approach an Italian SME took in this direction.
Details
Keywords
Karen C. Su, Chung-Bow Lee, Shu-Hui Lin, I-Chien Liu and Hong-Chi Chen
Cyber risk refers to risk affecting information and technology assets of a corporation or government institution. As cyber risk management become important, insurance is one…
Abstract
Cyber risk refers to risk affecting information and technology assets of a corporation or government institution. As cyber risk management become important, insurance is one possible solution. However, lack of data and severe information asymmetries increase the difficulties in pricing-related insurance products. In this chapter, we discuss first-party insurance that indemnifies the loss when the insured encounters virus attack and provide pricing model for the policy using copula methodology. Simulation results show that model risk may exist in the distribution of server downtime hours and is minor in the distribution of incident frequency and number of personal computers (PCs) infected.
Details