International Journal On Cyber Situational Awareness (IJCSA)
ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182
Published Semi-annually. Est. 2014
Dr Cyril Onwubiko, Chair – Cyber Security & Intelligence, E-Security Group, Research Series, London, UK; IEEE UK & Ireland Section Secretary
Professor Frank Wang, Head of School / Professor of Future Computing, Chair IEEE Computer Society, UK&RI, School of Computing, University of Kent, Canterbury, UK
Professor Karen Renaud, Professor of Cyber Security, University of Abertay, Dundee, Scotland, UK
When to Treat Security Risks with Cyber Insurance
Per Håkon Meland and Fredrik Seehusen
Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.
Keyword:Cyber insurance, risk quantification, risk profile, threats, decision making.
Volume 3. No. 1
Date: Dec. 2018
Reference to this paper should be made as follows: Meland, P.H. & Seehusen, F. (2018). When to Treat Security Risks with Cyber Insurance. International Journal on Cyber Situational Awareness, Vol. 3, No. 1, pp. 39-60.