A new policy paper co-authored by Dr Jason Nurse of the School of Computing and Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) has outlined the opportunities of and challenges in using cyber insurance to incentivise cyber security practices.
Dr Nurse collaborated with James Sullivan, Head of Cyber Research at The Royal United Services Institute (RUSI), to produce the Emerging Insights paper, providing actionable policy recommendations for those businesses involved in, or considering, cyber insurance. The paper’s findings are based on a review of existing industry reports and academic research.
The report titled ‘Cyber Security Incentives and the Role of Cyber Insurance’, forms part of an independent research project by the University of Kent and RUSI. This derives from a series of interviews and workshops with insurers, businesses, cyber security providers, government and other key stakeholders.
Policy questions raised by existing literature serve to guide the next stage of the project and to prompt new conversations about to what extent cyber insurance might incentivise cyber security practices.
Dr Nurse said: ‘With data breaches and cyber attacks a higher risk to businesses than ever before, the uptake of cyber insurance still remains low. Businesses remain sceptical about the benefits of cyber insurance and the need to have it. They are also discouraged by the high prices of policies and the type of incidents they will be covered for. We hope that this report proves useful in assisting the cyber insurance market, both for businesses considering insurance, but also for insurers and regulators reflecting on what market weaknesses are yet to be addressed.’
The full report can be accessed here:
https://rusi.org/sites/default/files/246_ei_cyber_insurance_final_web_version.pdf