Why IT managers don't go for cyber-insurance products

Bandyopadhyay, Tridib; Mookerjee, Vijay; Rao, Ramesh P.

doi:10.1145/1592761.1592780

Cited by 95 publications

(68 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…2.4.1 for conventional insurance. [BMR09] discuss an extension specific to cyberinsurance, where insured agents can opt for off-contract behavior and hide breaches instead of claiming compensation from insurers. They have an incentive to do so if the expected secondary costs exceed the contractually agreed compensation for primary losses.…”

Section: Information Asymmetries Specific To Cyber-insurancementioning

confidence: 99%

“…In [Böh05,BK06], the focus is on correlated risk, in [OMR05] on interdependent security alone, and in [Hof07, BL08, LB09] on interdependent security with minor information asymmetries. In [BMR09], asymmetric information is studied without features of the network environment. By contrast, [BL08,LB09] rebates and fines, [Böh05], where only full insurance is considered for simplicity.…”

Section: Comparison Across Modelsmentioning

confidence: 99%

“…Several authors interpret the markup as a reflection of market power, with higher loading corresponding to more market power [Hof07,BL08,LB09,BMR09]. This interpretation led the researchers to forgo the profit-maximization problem of a monopolist, but their claim of studying the monopolistic market structures is probably too strong.…”

Section: Comparison Across Modelsmentioning

confidence: 99%

“…Although its roots in the 1980s looked promising, battered by events such as Y2K and 9/11, the market for cyber-insurance failed to thrive and remained in a niche for unusual demands: coverage is tightly limited, and clients include SMBs 1 in need for insurance to qualify for tenders, or community banks too small to hedge the risks of their online banking operations. Even a conservative forecast of 2002, which predicted a global market for cyber-insurance worth $2.5 billion in 2005 2 , turned out to be five times higher than the size of the market in 2008 (three years later) [Bae03,BMR09]. Overall, in relative terms, the market for cyber-insurance shrank as the Internet economy grew.…”

Section: Introductionmentioning

confidence: 97%

“…More recent works acknowledge that the market failed to grow as expected. They attempt to explain market failure with economic equilibrium models, each tailored to one of three obstacles: interdependent security [KH03, OMR05,BL08], correlated risk [Böh05,BK06], and information asymmetries [SSFW09,BMR09]. Their conclusions are more reserved about the prospects of a mature market for cyber-insurance, unless the specific obstacle under investigation could be resolved.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Insurance mechanisms in information security risk management

Борхаленко¹

2017

EATP

View full text Add to dashboard Cite

We propose a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.

show abstract

Section: Information Asymmetries Specific To Cyber-insurancementioning

confidence: 99%

Section: Comparison Across Modelsmentioning

confidence: 99%

Section: Comparison Across Modelsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 97%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Insurance mechanisms in information security risk management

Борхаленко¹

2017

EATP

View full text Add to dashboard Cite

show abstract

Investigating the drivers of cybersecurity enhancement in public organizations: The case of Jordan

Al-Ma’aitah

2022

E J Info Sys Dev Countries

View full text Add to dashboard Cite

Electronic government systems are broadly recognized in the modern era as useful and valid means of delivering e-services. As the importance and prevalence of egovernment services have grown, increasing attention has necessarily been placed on the cybersecurity of electronic programs. Multiple drivers have been identified as contributing to the enhancement of cybersecurity, however, there is limited empirical research confirming these drivers. The main aims of this study are to investigate the drivers of e-government cybersecurity enhancement and determine the impact of cybersecurity on the effectiveness of e-government systems. The study constructs were extracted from the human-organization-technology (HOT) theory and institutional theory. A total of 500 questionnaires were randomly distributed to information technology department staff members and e-government officials in Jordanian ministries. The resulting data were analyzed using a structural equation modeling approach. The findings indicate that technical measures, the role of senior management, coercive pressures, and memetic pressures are important drivers for enhanced cybersecurity levels in governmental organizations. The results also show that enhancing cybersecurity levels in organizations promote the effectiveness of e-government services. These conclusions offer researchers and practitioners insight as to the drivers of an enhanced cybersecurity and the importance of cybersecurity in e-government as a whole.

show abstract

Cyber-Warranties as a Quality Signal for Information Security Products

Woods

Simpson

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Consumers struggle to distinguish between the quality of different enterprise security products. Evaluating performance is complicated by the stochastic nature of losses. It is recognised that this information asymmetry may lead to a "market for lemons" in which suppliers face no incentive to provide higher quality products. Some security vendors have begun to offer cyber-warranties -voluntary ex-ante obligations to indemnify the customer in the event of a cyber attackto function as a quality signal. Much like how consumer protection laws are relatively more costly to firms offering low quality products, cyberwarranties are more costly for firms developing low quality enterprise security products. In this paper, we introduce a decision-theoretic model to explore how consumers might use cyber-warranties to increase information when purchasing security products. Our analysis derives four inferences that consumers can make about a security product. We discuss the difficulties customers might face in using these inferences to make real world decisions.

show abstract

Why IT managers don't go for cyber-insurance products

Abstract: Proposed contracts tend to be overpriced because insurers are unable to anticipate customers' secondary losses.

Cited by 95 publications

References 8 publications

Insurance mechanisms in information security risk management

Insurance mechanisms in information security risk management

Investigating the drivers of cybersecurity enhancement in public organizations: The case of Jordan

Cyber-Warranties as a Quality Signal for Information Security Products

Contact Info

Product

Resources

About