Search results
1 – 10 of over 1000Călin Mihail Rangu, Leonardo Badea, Mircea Constantin Scheau, Larisa Găbudeanu, Iulian Panait and Valentin Radu
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented…
Abstract
Purpose
In recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.
Design/methodology/approach
The authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.
Findings
The study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.
Research limitations/implications
This research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.
Practical implications
Proposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.
Originality/value
The study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.
Details
Keywords
Yen-Chih Chen and Yin-Yee Leong
Given the continuing growth in both the complexity and severity of cyber risk, a fundamental rethink of cyber risk management has become an issue of paramount importance…
Abstract
Given the continuing growth in both the complexity and severity of cyber risk, a fundamental rethink of cyber risk management has become an issue of paramount importance, particularly as insurance firms are now providing both cyber risk management services and cyber risk insurance coverage. In this study, we set out to provide analyses of the prevailing cyber risk levels in various industries using the “Chronology of Data Breaches” database and then go on to assess the overall benefits of cyber risk insurance coverage. Our results reveal that compared to other industries, insurance firms exhibit superior cyber risk management. Regardless of internal and external cyber risk, insurance companies retain the lowest cyber losses. We further provide evidence to show that cyber risk insurance policies alone cannot effectively cover the potentially extreme cyber risk losses for most industries. However, the situation can be improved by implementing cyber risk management services provided by insurance firms. Insurance firms may need to provide an efficient cyber risk management system to lower the frequency and severity of extreme events.
Details
Keywords
Haitham Nobanee, Ahmad Yuosef Alodat, Mehroz Nida Dilshad, Alaa El Sayah, Sondos Nezam Alas’ad, Baraa Omar Al Shalabi, Sara Fadel Alsadi, Noora Mohammed Al Marri and Farzin Kamal Fiza
This study aims to examine the research output on cyber insurance from 2002 to 2021 through an extensive bibliometric analysis. It examines the cyber insurance resources and how…
Abstract
Purpose
This study aims to examine the research output on cyber insurance from 2002 to 2021 through an extensive bibliometric analysis. It examines the cyber insurance resources and how the process of cyber insurance works.
Design/methodology/approach
This paper uses Scopus and VOSviewer to analyze cyber insurance papers. Using 503 papers from Scopus, this paper enhances the understanding of cyber insurance through collaborative network maps of experts and researchers.
Findings
The study comprehensively evaluates the development of cyber research. The results show that the number of research articles on cyber insurance has significantly increased since 2009.
Practical implications
The study's results offer practical implications for researchers to gain knowledge on the latest trends and developments in the domain. In addition, the study highlights the significance of cyber insurance in mitigating financial risks linked to cyberattacks, potentially boosting the investment of more organizations in such policies. Furthermore, practitioners can enhance their understanding of the various types of cyber insurance policies and their coverage.
Originality/value
Our results are likely to encourage practitioners, computer scientists, auditors, accountants and lawyers to contribute further to corporate strategies, data analytics and business operations to mitigate cyber risk consequences. In addition, understanding regarding the cyber insurance concept formed between experts and researchers is limited. This paper fills this gap by evaluating and identifying the development of cyber insurance literature.
Details
Keywords
Hayretdin Bahşi, Ulrik Franke and Even Langfeldt Friberg
This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.
Abstract
Purpose
This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.
Design/methodology/approach
The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries.
Findings
The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets.
Practical implications
Some policy lessons for different stakeholders are identified.
Originality/value
Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.
Details
Keywords
Martin Eling and Werner Schnell
This paper aims to provide an overview of the main research topics in the emerging fields of cyber risk and cyber risk insurance. The paper also illustrates future research…
Abstract
Purpose
This paper aims to provide an overview of the main research topics in the emerging fields of cyber risk and cyber risk insurance. The paper also illustrates future research directions, from both academic and practical points of view.
Design/methodology/approach
The authors conduct a literature review on cyber risk and cyber risk insurance using a standardized search and identification process that has been used in various academic articles. Based upon this selection process, a database of 209 papers is created. The main research results findings are extracted and organized in seven clusters.
Findings
The results illustrate the immense difficulties to insure cyber risk, especially due to a lack of data and modelling approaches, the risk of change and incalculable accumulation risks. The authors discuss various ways to overcome these insurability limitations, such as mandatory reporting requirements, pooling of data or public–private partnerships in which the government covers parts of the risk.
Originality/value
Despite its increasing relevance for businesses at present, research on cyber risk is limited. Many papers can be found in the IT domain, but relatively little research has been done in the business and economics literature. The authors illustrate where research stands currently and outline directions for future research.
Details
Keywords
Previous studies generally focused on the definition of cybercrime and its effect on the market. Following Kesan’s study, this paper aims to analyse the relationship between cyber…
Abstract
Purpose
Previous studies generally focused on the definition of cybercrime and its effect on the market. Following Kesan’s study, this paper aims to analyse the relationship between cyber insurance and social welfare and compare it among three countries, namely, USA, UK and Turkey. The paper also discusses the main obstacles that the cyber insurer has to deal with and its effect on social welfare. This paper answers two questions related to cyber insurance at an aggregate level. First, “what kind of contribution does cyber insurance make to social welfare?” Second,“What kind of problems do insurers and insured have to face?” Although the findings are similar to Kesan’s study, this study gives an opportunity to make a country-based study and interpret the results with a different perspective.
Design/methodology/approach
The calculation of utility is also important for interpreting social welfare in the market. Consumer behaviour under uncertainty constructs the background for this paper because the risks of malicious attacks are contingent and independent, which means that consumers have to make their decisions under uncertainty. Von-Neumann-Morgenstern utility function is used for interpreting consumer’s behaviour.
Findings
Basically, there are two important conclusions that can derive for cyber insurance. First, cyber insurance can be defined as a higher security investment when coupled with increased levels of safety and a robust IT infrastructure. Second, cyber insurance, as a high-security investment, would have a positive impact on social welfare by making the internet safer for all users. The results show that the problems that lead to market failure can be virtually eliminated with an accurate risk assessment that leads to appropriate premium levels for insured. These results are consistent with those of study by Kesan et al. (2006).
Research limitations/implications
Data availability for different industries have limited the ability to compare the impact of cyber-crime to different sectors.
Originality/value
Technological devices have become part of our daily life. Although they have brought us increasing access to all types of information, including opportunities for business, they have also increased the risk of malicious attacks and the risk of e-crime. By replicating the economic model used by Kesan et al. (2006), social welfare losses and insurance premiums are calculated for three countries: USA, UK and Turkey. Questions pertaining to contribution of cyber insurance to social welfare and problems faced by insurers and insured are addressed.
Details
Keywords
This paper aims to present the case of an Italian SME in the domain of insurance and how it approached its own digital transformation. Together with the founders of the SME, the…
Abstract
Purpose
This paper aims to present the case of an Italian SME in the domain of insurance and how it approached its own digital transformation. Together with the founders of the SME, the author investigated the digital trends the company should adopt and identified where to intervene in the value chain of the company with new technologies available in the market. The research was focused on the following three sub-domains: a strategy for adoption of innovative digital solutions to improve the everyday operations of the company, platform connecting the company with the customers and analysis of cyber insurance policies to include in the portfolio of the company.
Design/methodology/approach
For the part on strategy for adoption of innovative digital solutions, the author performed literature review; for the part in which the study ideates new solution to better connect the company with the customers, the author relied on design thinking, creative facilitation and prototyping; and for the part on cyber insurance policies to include the portfolio, the author relied on data available from other insurance companies the SME collaborates with.
Findings
This paper presented the analysis on how an insurance SME can embrace digital innovation (via internal innovation, buying from startups, partnering with startups or investing in startups), how an SME can do internal innovation and come up with a simple tool to bring closer the insurers and their customers and types of new cyber risk policies to include in the portfolio to respond to the growing demand for cyber risk insurance. This paper provides useful insights and lessons learned from companies of similar size in the domain of insurance and discusses future extensions of inquiry.
Originality/value
Big insurance companies and incumbent for their digitization efforts rely on the freshly created InsurTechs wave of companies. In this paper, the author analyzes what small- and medium-sized insurance enterprises can do in this respect and showcases the approach an Italian SME took in this direction.
Details
Keywords
The purpose of this paper is to look at how cyber insurance markets might work with the backing of government reinsurance.
Abstract
Purpose
The purpose of this paper is to look at how cyber insurance markets might work with the backing of government reinsurance.
Design/methodology/approach
The paper is based on interviews and workshops on cyber security, cyber terrorism and cyber crime.
Findings
The paper links a successful 1990s' approach to property terrorism risk to helping address cyber risk.
Originality/value
Of note, the author suggests that cyber risk is under control when organisations at risk can purchase normal insurances.
Details
Keywords
However, pricing these policies is tough due to incomplete modelling data about the frequency and cost of breaches, and uncertainty about the scale and interconnectedness of cyber…
Details
DOI: 10.1108/OXAN-DB276226
ISSN: 2633-304X
Keywords
Geographic
Topical
Priti Rani Rajvanshi, Taranjeet Singh, Deepa Gupta and Mukul Gupta
Introduction: The frequency and complexity of cyber assaults have grown in recent years. Consequently, organisations have increased their expenditures in more robust…
Abstract
Introduction: The frequency and complexity of cyber assaults have grown in recent years. Consequently, organisations have increased their expenditures in more robust infrastructure to protect themselves from these cyber assaults. These organisations’ assets, data, and reputations are at risk due to rapidly increasing cybercrimes. However, complete protection from these many and ever-changing threats is very challenging as a result. To deal with them, companies are taking steps to reduce risks and limit company losses in their occurrence.
Purpose: Progressively, the insurance sector organisations are including digital protection as a component of the board’s general danger technique. Protection enterprises, then again, depend on accurately expecting risks, while a significant number of them depend on normalised approaches. Because of the exceptional attributes of the digital assaults, transporters now and again depend on subjective strategies dependent on master decisions. There is an unmistakeable absence of observational information on digital protection, specifically subjective examinations planning to comprehend and depict necessities, impediments, and cycles applicable for digital protection.
Methodology: There are various unanswered inquiries and worries about the oversight and legitimate and administrative assessment of network safety weaknesses in the protection business. In the wake-up of looking over all these worries and issues, steps to alleviate them are laid out after an extensive literature survey and secondary data sources. In this study, the authors have principally viewed the executive parts of the associations as the danger. While considering network protection, their insight of needs was taken as one among a few dangerous treatment systems, just as the necessities of the organisations’ protection in assessing the danger level of likely customers.
Findings: This section analyses past research in network safety and information security in the protection market. The danger of the executives’ strategies, the numerical models, and the forecasts of digital occassions are illustrated in this section. Lastly, the future headings are likewise expressed momentarily.
Practical implications: This review might be valuable for additional examination and logical discussion, yet additionally for down-to-earth applications. Moreover, it could be gainful to organisations as a supportive instrument for better agreement on what digital protection is and how to get ready to take on network safety and information security procedures in the association.
Significance: These associations’ resources, information, and notoriety are in danger because of quickly expanding cybercrimes. Cybercriminals are utilising more refined approaches to start digital assaults. Digital protection was anticipated to affect security conduct before any proof was gathered. Progressively, organisations are including digital protection as a feature of their general danger to the executive system. Because of the exceptional attributes of the digital assaults, transporters as often as possible depend on subjective methods dependent on master decisions. Thus, this space of network safety and information security is vital uniquely in the protection market.
Details