Sullivan, James and Nurse, Jason R. C. (2021) Cyber Security Incentives and the Role of Cyber Insurance. Technical report. Royal United Services Institute for Defence and Security Studies (RUSI) (KAR id:89042)
PDF
Publisher pdf
Language: English |
|
Download this file (PDF/658kB) |
Preview |
Request a format suitable for use with assistive technology e.g. a screenreader |
Abstract
This paper outlines the opportunities of and challenges in using cyber insurance to incentivise cyber security practices. Findings are based on a review of existing industry reports and academic research. The paper forms part of an independent research project by RUSI and the University of Kent that provides actionable policy recommendations on how to incentivise cyber security through cyber insurance. They derive from a series of interviews and workshops with insurers, businesses, cyber security providers, government and other key stakeholders. The current evidence about the ability of cyber insurance to improve cyber security practices is limited. While cyber insurers may be able to provide expertise to policyholders and increase their awareness of cyber risks, much of the existing evidence base is largely theoretical and there is still considerable scepticism from customers about the benefits of cyber insurance. The uptake of cyber insurance, particularly by small to medium enterprises (SMEs), remains low. Existing research suggests that some of the overarching factors explaining this are: the high cost of policies and the difficulties insurers face in pricing premiums appropriately; confusion over what types of incidents insurance policies cover (and the issue of ‘silent cyber’); and a lack of understanding of risks stemming from cyber incidents. There is the potential for the cyber insurance market to learn from other insurance markets to increase uptake, although understanding the depth of these connections requires further enquiry. The paper concludes by identifying several policy questions raised by the existing literature. These questions serve to guide the next stage of the project and to prompt new conversations about how cyber insurance might better incentivise cyber security practices.
Item Type: | Reports and Papers (Technical report) |
---|---|
Subjects: |
Q Science > QA Mathematics (inc Computing science) T Technology |
Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing |
Depositing User: | Jason Nurse |
Date Deposited: | 06 Jul 2021 09:58 UTC |
Last Modified: | 19 Nov 2022 22:41 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/89042 (The current URI for this page, for reference purposes) |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):