Cartwright, Anna, Cartwright, Edward, MacColl, Jamie, Mott, Gareth, Turner, Sarah, Sullivan, James, Nurse, Jason R. C. (2023) How Cyber-Insurance Influences the Ransomware Payment Decision: Theory and Evidence. The Geneva Papers on Risk and Insurance - Issues and Practice, 48 . pp. 300-331. E-ISSN 1468-0440. (doi:10.1057/s41288-023-00288-8) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:100212)
|
PDF
Author's Accepted Manuscript
Language: English Restricted to Repository staff only until 8 March 2024. |
|
|
Contact us about this Publication
|
![[thumbnail of GPRI-2023-Insurance-ransomware-payment.pdf]](https://kar.kent.ac.uk/style/images/fileicons/application_pdf.png) |
| Official URL: https://doi.org/10.1057/s41288-023-00288-8 |
|
Abstract
In this paper we analyse how cyber-insurance influences the cost-benefit decision making process of a ransomware victim. Specifically, we ask whether organizations with cyber-insurance are more likely to pay a ransom than non-insureds. We propose a game-theoretic framework with which to categorize and distinguish different channels through which insurance may influence victim decision making. This allows us to identify ways in which insurance may incentivize or disincentivize payment of the ransom. Our framework is informed by data from semi-structured interviews with 65 professionals with expertise in cyber-insurance, cybersecurity and/or ransomware, as well as data from the UK Cyber Security Breaches Survey. We find that perceptions are very divided on whether victims with insurance are more (or less) likely to pay a ransom. Our model can reconcile these views once we take into account context specifics, such as the severity of the attack as measured by business interruption and restoration and/or the exfiltration of sensitive data.
https://orcid.org/0000-0003-0194-9368- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):
Altmetric
Altmetric
