Abstract / Description of output
Cyber risk management involves balancing risk acceptance, avoidance, reduction and transfer. Academic researchers have focused on risk reduction measures. Studies of cyber risk transfer are less common, mainly centering on cyber insurance. This emphasis on risk reduction overlooks the development of many real-world cyber risk transfer products in the last decade. Our study describes the emergence of products including: warranties, cloud computing partnerships, parametric insurance, reinsurance, and cyber cat bonds. We characterize how these solutions addressed four core challenges of transferring cyber risk: (1) tailoring coverage to the threat landscape; (2) managing solvency; (3) data collection for risk assessment; and (4) creating incentives for risk reduction. The result is an integrated history of cyber risk transfer describing how novel products and partnerships emerged to address failings in prevailing business models. Our descriptive study can help other researchers to understand real-world problems, providing a foundation for future research and a richer picture of the overall cyber risk transfer landscape, as well as a deeper understanding of the types of cyber risk that can—and cannot—be effectively transferred.
Original language | English |
---|---|
Number of pages | 25 |
Publication status | Accepted/In press - 20 Feb 2024 |
Event | Workshop on the Economics of Information Security - Dallas, United States Duration: 8 Apr 2024 → 10 Apr 2024 https://weis.utdallas.edu/program/ |
Workshop
Workshop | Workshop on the Economics of Information Security |
---|---|
Country/Territory | United States |
City | Dallas |
Period | 8/04/24 → 10/04/24 |
Internet address |