Insurance and enterprise: cyber insurance for ransomware-Reference-Cited by-同舟云学术

Insurance and enterprise: cyber insurance for ransomware

Published:2022-12-04 Issue: Volume: Page:
ISSN:1018-5895
Container-title:The Geneva Papers on Risk and Insurance - Issues and Practice
language:en
Short-container-title:Geneva Pap Risk Insur Issues Pract

Author:

Baker Tom^ORCID,Shortland Anja

Abstract

AbstractSelling insurance gives insurers an incentive to manage insured risks. The “insurance-as-governance” literature demonstrates that insurers often make insurance conditional on ex ante risk reduction or mitigation. But insurance governs in support of enterprise, not security for its own sake. Tight underwriting inhibits enterprise—not only for insured businesses but also for the business of insurance. This paper highlights ex post loss reduction as a form of insurance-based governance. Drawing on interviews with industry insiders, we explore how insurers addressed the evolving problems of moral hazard, uncertainty and correlated losses since the 1990s. We find that cyber insurance developed sophisticated remedies to contain liabilities and quickly restore affected IT systems, but largely left security decisions to the insured. This facilitated enterprise in the short run but undermined security in the longer term: funding and expediting ransom payments encourages further attacks. As businesses improved their resilience, cybercriminals adapted and ransoms escalated, calling insurability into question. Yet there remains little appetite for imposing restrictive conditionality in this highly competitive market. Instead, insurers have turned to governments to contain criminal threats and cushion catastrophic losses.

Publisher

Springer Science and Business Media LLC

Subject

Economics and Econometrics,Finance,General Business, Management and Accounting,Accounting

Link

https://link.springer.com/content/pdf/10.1057/s41288-022-00281-7.pdf

Reference67 articles.

1. Abraham, Kenneth S., and Daniel Schwarcz. 2021. Courting disaster: The underappreciated risk of cyber-insurance catastrophe. Connecticut Insurance Law Journal 27 (1): 51.

2. Abraham, Kenneth, and Daniel Schwarcz. 2023. The limits of regulation by insurance. Indiana Law Review 98. https://ssrn.com/abstract=4119812.

3. Arrow, Kenneth. 1963. Uncertainty and the welfare economics of medical care. American Economic Review 53: 943–971.

4. Avraham, Ronen, and Ariel Porat. 2022. The dark side of insurance. Working paper.

5. Baker, Tom. 2019. Back to the future of cyber insurance. PLUS Journal, Q3. https://scholarship.law.upenn.edu/faculty_scholarship/2184.

Cited by 12 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Resilience against Catastrophic Cyber Incidents: A Multistakeholder Analysis of Cyber Insurance;Electronics;2024-07-14

2. Regional Perspective of Using Cyber Insurance as a Tool for Protection of Agriculture 4.0;Agriculture;2024-02-18

3. Rethinking Digital Borders to Address Jurisdiction and Governance in the Global Digital Economy;International Journal of Law and Policy;2024-01-10

4. Modeling and management of cyber risk: a cross-disciplinary review;Annals of Actuarial Science;2024-01-04

5. ‘There was a bit of PTSD every time I walked through the office door’: Ransomware harms and the factors that influence the victim organization’s experience;Journal of Cybersecurity;2024