Pricing cyber-insurance for systems via maturity models

Skeoch, Henry; Pym, David J.

doi:10.48550/arxiv.2302.04734

Cited by 1 publication

(2 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The result of the t-test showed that the average answer was larger than 3 (at 5% significance level), as illustrated below in Table 1. The importance of the maturity level of the insured organization is important, as stated also by other researchers (Skeoch and Pym, 2023). At the same time, more than 60% of the respondents indicated that an audit performed by an independent official or certified auditor chosen by the insurer is valuable in the analysis process, a result confirmed by the Wilcoxon and t tests at 1% significance level.…”

Section: Resultssupporting

confidence: 66%

See 1 more Smart Citation

Cyber insurance risk analysis framework considerations

Rangu,

Badea,

Scheau

et al. 2024

JRF

View full text Add to dashboard Cite

PurposeIn recent years, the frequency and severity of cybersecurity incidents have prompted customers to seek out specialized insurance products. However, this has also presented insurers with operational challenges and increased costs. The assessment of risks for health systems and cyber–physical systems (CPS) necessitates a heightened degree of attention. The significant values of potential damages and claims request a solid insurance system, part of cyber-resilience. This research paper focuses on the emerging cyber insurance market that is currently in the process of standardizing and improving its risk analysis concerning the potential insured entity.Design/methodology/approachThe authors' approach involves a quantitative analysis utilizing a Likert-style questionnaire designed to survey cyber insurance professionals. The authors' aim is to identify the current methods used in gathering information from potential clients, as well as the manner in which this information is analyzed by the insurers. Additionally, the authors gather insights on potential improvements that could be made to this process.FindingsThe study the authors elaborated it has a particularly important cyber and risk components for insurance area, because it addresses a “niche” area not yet proper addressed in specialized literature – cyber insurance. Cyber risk management approaches are not uniform at the international level, nor at the insurer level. Also, not all insurers can perform solid assessments, especially since their companies should first prove that they are fully compliant with international cyber security standards.Research limitations/implicationsThis research has concentrated on analyzing the current practices in terms of gathering information about the insured entity before issuing the cyber insurance policy, level of details concerning the cyber security posture of the insured entity and way such information should be analyzed in a standardized and useful manner. The novelty of this research resides in the analysis performed as detailed above and the proposals in terms of information gathered, depth of analysis and standardization of approach made. Future work on the topic can focus on the standardization process for analyzing cyber risk for insurance clients, to improve the proposal based also on historical elements and trends in the market. Thus, future research can further refine the standardization process to analyze in more depth the way this can be implemented and included in relevant legislation at the EU level.Practical implicationsProposed improvements include proposals in terms of the level of detail and the usefulness of an independent centralized approach for information gathering and analysis, especially given the re-insurance and brokerage activities. The authors also propose a common practical procedural approach in risk management, with the involvement of insurance companies and certification institutions of cyber security auditors.Originality/valueThe study investigates the information gathered by insurers from potential clients of cyber insurance and the way this is analyzed and updated for issuance of the insurance policy.

show abstract

Section: Resultssupporting

confidence: 66%

Section: Resultsmentioning

confidence: 71%