Skip to main content

Cyber Security Incentives and the Role of Cyber Insurance

Sullivan, James and Nurse, Jason R. C. (2021) Cyber Security Incentives and the Role of Cyber Insurance. Technical report. Royal United Services Institute for Defence and Security Studies (RUSI) (KAR id:89042)

PDF Publisher pdf
Language: English
Download (658kB) Preview
[thumbnail of RUSI-Kent-EIP-Cyber-insurance.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format


This paper outlines the opportunities of and challenges in using cyber insurance to incentivise cyber security practices. Findings are based on a review of existing industry reports and academic research. The paper forms part of an independent research project by RUSI and the University of Kent that provides actionable policy recommendations on how to incentivise cyber security through cyber insurance. They derive from a series of interviews and workshops with insurers, businesses, cyber security providers, government and other key stakeholders. The current evidence about the ability of cyber insurance to improve cyber security practices is limited. While cyber insurers may be able to provide expertise to policyholders and increase their awareness of cyber risks, much of the existing evidence base is largely theoretical and there is still considerable scepticism from customers about the benefits of cyber insurance. The uptake of cyber insurance, particularly by small to medium enterprises (SMEs), remains low. Existing research suggests that some of the overarching factors explaining this are: the high cost of policies and the difficulties insurers face in pricing premiums appropriately; confusion over what types of incidents insurance policies cover (and the issue of ‘silent cyber’); and a lack of understanding of risks stemming from cyber incidents. There is the potential for the cyber insurance market to learn from other insurance markets to increase uptake, although understanding the depth of these connections requires further enquiry. The paper concludes by identifying several policy questions raised by the existing literature. These questions serve to guide the next stage of the project and to prompt new conversations about how cyber insurance might better incentivise cyber security practices.

Item Type: Monograph (Technical report)
Subjects: Q Science > QA Mathematics (inc Computing science)
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Jason Nurse
Date Deposited: 06 Jul 2021 09:58 UTC
Last Modified: 19 Nov 2022 22:41 UTC
Resource URI: (The current URI for this page, for reference purposes)
Nurse, Jason R. C.:
  • Depositors only (login required):


Downloads per month over past year