Facing Uncertainty in Cyber Insurance Policies

Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik

doi:10.1007/978-3-319-68063-7_6

Cited by 8 publications

(11 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The existence of asymmetric information also impacts negatively the customer side as insurance firms may raise premium prices due to incomplete knowledge and risk overestimation, leading to an expensive, niche, and not-appealing product [45], [46]. High premiums are also the result of insufficient criteria to reduce them: even if a company holds security certifications and profusely invests in self-protection, the effectiveness of these actions against the wide variety of cyber attacks is not clear, making, in turn, difficult to assess to what extent they are useful to reduce the overall risk [45].…”

Section: Extending Insurances To the Cyber Domainmentioning

confidence: 99%

“…Indeed, many cyber-insurance policies already bring supplemental value through the inclusion of risk mitigation, tracking and loss-prevention tools [76]. Clients, in particular small organizations that lack experience, can benefit from this continuous interaction to better ponder their measures towards higher-priority situations [46]. The post-binding phase also helps to prevent the well-known issue of moral hazard [18], [43], [77], [78] -a form of post-underwriting opportunism by the policyholder, who undertakes incautious actions knowing that, in case of incidents, there exists a counterpart who will bear the brunt and will not be able to verify the presence of negligent and fraudulent actions.…”

Section: Extending Insurances To the Cyber Domainmentioning

confidence: 99%

See 1 more Smart Citation

SoK: Cyber Insurance – Technical Challenges and a System Security Roadmap

Dambra

Bilge

Balzarotti

2020

2020 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Cyber attacks have increased in number and complexity in recent years, and companies and organizations have accordingly raised their investments in more robust infrastructure to preserve their data, assets and reputation. However, the full protection against these countless and constantly evolving threats is unattainable by the sole use of preventive measures. Therefore, to handle residual risks and contain business losses in case of an incident, firms are increasingly adopting a cyber insurance as part of their corporate risk management strategy.As a result, the cyber insurance sector -which offers to transfer the financial risks related to network and computer incidents to a third party -is rapidly growing, with recent claims that already reached a $100M dollars. However, while other insurance sectors rely on consolidated methodologies to accurately predict risks, the many peculiarities of the cyber domain resulted in carriers to often resort to qualitative approaches based on experts opinions.This paper looks at past research conducted in the area of cyber insurance and classifies previous studies in four different areas, focused respectively on studying the economical aspects, the mathematical models, the risk management methodologies, and the predictions of cyber events. We then identify, for each insurance phase, a group of practical research problems where security experts can help develop new data-driven methodologies and automated tools to replace the existing qualitative approaches.

show abstract

Section: Extending Insurances To the Cyber Domainmentioning

confidence: 99%

Section: Extending Insurances To the Cyber Domainmentioning

confidence: 99%

SoK: Cyber Insurance – Technical Challenges and a System Security Roadmap

Dambra

Bilge

Balzarotti

2020

2020 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…It thus represents the case where fixed restart costs overshadow variable outage costs. Meland et al (2017) cite data showing that response costs are on average three times as great as loss of business income. Though these categories are not exactly equivalent to fixed vs. variable costs, such data indicate that fixed, durationindependent, costs cannot be ignored.…”

Section: Cost Of Downtime As Function Of Durationmentioning

confidence: 99%

Enterprise IT service downtime cost and risk transfer in a supply chain

Wang

Franke

2020

Oper Manag Res

View full text Add to dashboard Cite

In this paper we present an economic model for analyzing enterprise IT service downtime cost, first on a standalone basis and then in a supply chain setting. With a baseline probability model of Poisson arrival frequency with random downtime duration, we analyze optimal production of a firm's investments in reducing frequency and duration of downtime, and corresponding premiums for insuring against downtime cost. We also present a model for the spillover effect of downtime for interconnected firms in a supply chain, and discuss how third-party insurance coverage can help enterprises to internalize the externalities of spillover effects on the supply chain.

show abstract

“…Beyond those more technical aspects, there are also difficulties in understanding the decisions driving the insurance underwriting and claims processes, including those relating to security control recommendations [29,36,38,41]. Furthermore, we must not overlook the reality of a lack of awareness about cyber insurance, social insurance stigmas, and general negative perceptions [4,12,13,25,31]. Such negative perceptions can inhibit the uptake of cyber insurance policies, and are boosted by the rejection of large cyber claims by insurance companies, which has already started to occur [39].…”

Section: Introductionmentioning

confidence: 99%