Insurance and enterprise: cyber insurance for ransomware

被引：0

作者：

Tom Baker

Anja Shortland

机构：

[1] University of Pennsylvania Carey Law School,

[2] Kings College London,undefined

来源：

The Geneva Papers on Risk and Insurance - Issues and Practice | 2023年 / 48卷

关键词：

Insurance; Ransomware; Governance;

D O I：

暂无

中图分类号：

学科分类号：

摘要：

Selling insurance gives insurers an incentive to manage insured risks. The “insurance-as-governance” literature demonstrates that insurers often make insurance conditional on ex ante risk reduction or mitigation. But insurance governs in support of enterprise, not security for its own sake. Tight underwriting inhibits enterprise—not only for insured businesses but also for the business of insurance. This paper highlights ex post loss reduction as a form of insurance-based governance. Drawing on interviews with industry insiders, we explore how insurers addressed the evolving problems of moral hazard, uncertainty and correlated losses since the 1990s. We find that cyber insurance developed sophisticated remedies to contain liabilities and quickly restore affected IT systems, but largely left security decisions to the insured. This facilitated enterprise in the short run but undermined security in the longer term: funding and expediting ransom payments encourages further attacks. As businesses improved their resilience, cybercriminals adapted and ransoms escalated, calling insurability into question. Yet there remains little appetite for imposing restrictive conditionality in this highly competitive market. Instead, insurers have turned to governments to contain criminal threats and cushion catastrophic losses.

引用

页码：275 / 299

页数：24

共 47 条

[1] Abraham Kenneth S(2021)Courting disaster: The underappreciated risk of cyber-insurance catastrophe Connecticut Insurance Law Journal 27 51-971
[2] Schwarcz Daniel(1963)Uncertainty and the welfare economics of medical care American Economic Review 53 943-248
[3] Arrow Kenneth(2021)Uncertainty > risk: Lessons for legal thought from the insurance runoff market 62 Boston College Law Review 62 59-84
[4] Baker Tom(2021)Ransomware: Recent advances, analysis, challenges and future research directions Computers and Security 111 197-113
[5] Beamon Craig(2012)Outsourcing regulation: How insurance reduces moral hazard University of Michigan Law Review 111 1-522
[6] Barkworth Ashley(2021)Uncle Sam RE: Improving cyber hygiene and increasing confidence in the cyber insurance ecosystem via government backstopping University of Connecticut Insurance Law Journal 28 709-190
[7] Akande Toluwalope David(2021)On the effectiveness of ransomware decryption tools Computers and Security 111 85-36
[8] Hakak Saqib(1995)The metaphor is the key: Cryptography, the clipper chip and the constitution University of Pennsylvania Law Review 143 515-21
[9] Khan Muhammad Khurram(1917)The early history of the contract of insurance Columbia Law Review 17 171-19
[10] Ben Shahar Omri(1997)How to expand the limits of insurability The Geneva Papers on Risk and Insurance: Issues and Practice 85 1-45

← 1 2 3 4 5 →