Differentiating Cyber Risk of Insurance Customers: The Insurance Company Perspective

Tøndel, Inger Anne; Seehusen, Fredrik; Gjære, Erlend Andreas; Moe, Marie Elisabeth Gaup

doi:10.1007/978-3-319-45507-5_12

Cited by 9 publications

(12 citation statements)

References 13 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Others deal with the cybersecurity insurance companies (i.e. the suppliers of cybersecurity insurance services), mainly in the context of assessing cybersecurity risks (Eling & Schnell, 2016;Meland et al, 2017;Tøndel et al, 2016).…”

Section: Literature Reviewmentioning

confidence: 99%

“…Other research examined the insurance market in different geographical zones, as well as the decision process of insurance companies relating to cybersecurity insurance and risk handling. Tøndel et al (2016) emphasized the supplier, the cybersecurity insurance companies, mainly in the Nordic market, and examined their challenges in assessing cybersecurity risk. They found that the abilities of insurance companies to evaluate risk assessment is highly impacted by limited experience with cybersecurity insurance services and little historical data to rely on.…”

Section: The Cybersecurity Insurance Suppliersmentioning

confidence: 99%

“…Customers underestimate the probability of cyber-attacks to their business, leading to underestimation of the possible risks (Rohn et al, 2016). Suppliers of cybersecurity insurance services do not have enough experience and historical data, to identify, assess and evaluate the risks and the premium needed (Tøndel et al, 2016). Another aspect is the role of the insurance companies in consulting and risk assessments, as private governance mechanism in improving the organizations' cyber readiness (Talesh, 2018).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The invisible hole of cybersecurity insurance services

Pavel

Gafni

2020

OJAKM

View full text Add to dashboard Cite

This study examines the cybersecurity insurance market in the United States (U.S.) in order to reveal if an “invisible hole” of services and information exists in this market. This is performed by mapping the cybersecurity insurance services, offered by insurance companies, to cope with cybersecurity risks, and finding in which way these services are exposed, visible and comprehensive, in the insurance companies' websites. The research questions examined the extent cybersecurity insurance services offered by the main U.S. insurance companies; the visibility of such services on their websites; and the types of services offered. The sample included 44 insurance companies based upon nine lists of the top U.S. insurance companies. The findings present that most companies (68%) offer cybersecurity insurance services, while only a few (26.92%) expose such information in a visible way. Moreover, on the one hand, the insurance companies use general terms for services, which may be blur and ambiguous, while on the other hand, there is a widespread of specific services, most of them (81%) provided only by few companies. These findings may derive due to insufficient understanding of cybersecurity insurance clients' needs and may reflect the lack of maturity of the cybersecurity insurance market, as matured marketplaces are mostly more standardized. This study demonstrates that there is a long way to advance until the insurance market for cybersecurity risks will be mature, customers (businesses and organizations) will understand the needs for such insurance, and insurance companies will develop and offer relevant insurance services.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: The Cybersecurity Insurance Suppliersmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The invisible hole of cybersecurity insurance services

Pavel

Gafni

2020

OJAKM

View full text Add to dashboard Cite

show abstract

“…The Norwegian cyber-insurance market has previously been investigated by Tøndel et al , who conducted interviews with a limited number of key insurance companies offering cyber-insurance on the Norwegian market in in 2015 (Tøndel et al , 2016). This differs from our study, in that no other relevant actors such as brokers were included.…”

Section: Related Workmentioning

confidence: 99%

“…Tøndel et al (2016) aimed to identify challenges and cyber-risk assessment practices of insurance companies. However, findings were scarce as companies did not give ‘any clear priorities on which risk factors they consider most important’.…”

Section: Related Workmentioning

confidence: 99%

The cyber-insurance market in Norway

Bahşi

Franke

Friberg

2019

ICS

View full text Add to dashboard Cite

Purpose This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience. Design/methodology/approach The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries. Findings The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets. Practical implications Some policy lessons for different stakeholders are identified. Originality/value Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.

show abstract