Abstract / Description of output
Individuals can become victims of security incidents, privacy violations, online scams, and social media abuse. In addition to prevention, users should create response strategies in case misfortune strikes. To better understand response to digital harm, we conducted the first study of personal cyber insurance in the US and the UK.
We explored the supply-side via a content analysis of 24 cyber insurance policies. The results show personal cyber insurance compensates security, privacy and fraud incidents, with a slim majority also covering cyberbullying. Comparing these results to prior work, we find that coverage in the US and UK has significant differences to coverage in Germany. We study the demand-side via a survey distributed to 584 participants with an even US/UK split. Just 1.6% of respondents have cyber coverage and 8.5% are aware of the product. We introduce the concepts of risk uncertainty and coverage uncertainty, finding both are prevalent for personal cyber insurance. Studying coverage uncertainty, we discover a gap between insurers and participants, which is broadest for online fraud and narrowest for identity theft and cyberbullying. Turning to risk uncertainty, we discovered that in the aggregate users are relatively well calibrated regarding the frequency of different incidents. Individuals estimate that fraud incidents have the greatest impact, followed by security and privacy incidents. Cyberbullying has very low estimated impact. Regarding purchasing a policy, participants raised uncertainties about contractual details, reporting requirements, victimization statistics, and access to security solutions.
We explored the supply-side via a content analysis of 24 cyber insurance policies. The results show personal cyber insurance compensates security, privacy and fraud incidents, with a slim majority also covering cyberbullying. Comparing these results to prior work, we find that coverage in the US and UK has significant differences to coverage in Germany. We study the demand-side via a survey distributed to 584 participants with an even US/UK split. Just 1.6% of respondents have cyber coverage and 8.5% are aware of the product. We introduce the concepts of risk uncertainty and coverage uncertainty, finding both are prevalent for personal cyber insurance. Studying coverage uncertainty, we discover a gap between insurers and participants, which is broadest for online fraud and narrowest for identity theft and cyberbullying. Turning to risk uncertainty, we discovered that in the aggregate users are relatively well calibrated regarding the frequency of different incidents. Individuals estimate that fraud incidents have the greatest impact, followed by security and privacy incidents. Cyberbullying has very low estimated impact. Regarding purchasing a policy, participants raised uncertainties about contractual details, reporting requirements, victimization statistics, and access to security solutions.
Original language | English |
---|---|
Title of host publication | 2025 IEEE Symposium on Security and Privacy |
Publisher | Institute of Electrical and Electronics Engineers |
Publication status | Accepted/In press - 16 Sept 2024 |
Event | 46th IEEE Symposium on Security and Privacy - The Hyatt Regency San Francisco, San Francisco, United States Duration: 12 May 2025 → 15 May 2025 https://sp2025.ieee-security.org/index.html |
Publication series
Name | IEEE Symposium on Security and Privacy |
---|---|
Publisher | Institute of Electrical and Electronics Engineers |
ISSN (Print) | 1081-6011 |
ISSN (Electronic) | 2375-1207 |
Symposium
Symposium | 46th IEEE Symposium on Security and Privacy |
---|---|
Abbreviated title | IEEE S&P 2025 |
Country/Territory | United States |
City | San Francisco |
Period | 12/05/25 → 15/05/25 |
Internet address |