How Cyber Insurance Shapes Incident Response: A Mixed Methods Study

Daniel W. Woods, Rainer Böhme

Research output: Contribution to conference › Paper › peer-review

Abstract / Description of output

Cyber insurance policies commonly indemnify the cost of incident response services. This creates a multi-layered economic problem in that the policyholder hiring external firms incurs transaction costs and the insurer paying the bill creates a principal-agent problem. We adopted a multistage research design to understand how insurers address the problem. First, we iteratively derived 12 stylised facts from 29 expert interviews and a sample of 480 partnerships with incident response firms made by 24 insurers. Second, we validated these facts via a workshop attended by 61 unique participants. The results show insurers have created a private ordering by controlling which firms are selected, negotiating prices ahead of time, and punishing low service quality by withholding future work. A minority of firms win the majority of work, thereby building trust through repeated interactions. We discuss how the findings relate to the economics of incident response, cyber insurance as governance, and ransomware.
Original language: English
Number of pages: 35
Publication status: Published - 29 Jun 2021
Event: The 20th Annual Workshop on the Economics of Information Security - Online
Duration: 28 Jun 2021 to 29 Jun 2021
Conference number: 20
https://weis2021.econinfosec.org/

Conference

Conference: The 20th Annual Workshop on the Economics of Information Security
Abbreviated title: WEIS 2021
Period: 28/06/21 to 29/06/21