Strengthening Cybersecurity with Cyber Insurance Markets and Better Risk Assessment

IF 3 3区社会学 Q1 LAW

Minnesota Law Review Pub Date : 2017-10-10 DOI:10.2139/SSRN.2924854

J. Kesan, C. Hayes

{"title":"Strengthening Cybersecurity with Cyber Insurance Markets and Better Risk Assessment","authors":"J. Kesan, C. Hayes","doi":"10.2139/SSRN.2924854","DOIUrl":null,"url":null,"abstract":"Cybersecurity is an increasingly important element of infrastructure and commerce. Courts are starting to shape the doctrine of third party liability for cyberattacks and data breaches. For businesses that rely on computers and the Internet, these developments affect their bottom line. There is a lot of interest in managing these emerging cyber risks and associated cyber losses, and many companies are looking to insurance policies for coverage. \nUnfortunately, commercial general liability policies are becoming narrower as insurers increasingly remove electronic data from the scope of coverage. Cyber insurance is becoming increasingly available, but the market for these policies is plagued by informational asymmetries, data scarcity, and high potential for moral hazard problems. \nIn this article, we examine insurance as a risk management tool in the cybersecurity context, with special emphasis on the emerging market for cyber insurance and how to overcome the dangers to this market’s effectiveness and growth through better risk assessment. In order to understand the legal risk in policy coverage, we present an empirical study and findings regarding litigation concerning insurance coverage for cyber harms involving intangible property, digital data, and cybersecurity. Our work emphasizes the need for developing cyber-specific insurance products, instead of relying on commercial general liability (CGL) policies to cover cyber losses. We urge that collaboration between the government and private sector will be necessary to better estimate the technological risk in this cyber environment for insurance purposes. We also analogize the cyber insurance market to the Workers’ Compensation system and the National Flood Insurance Program (NFIP) and analyze the lessons that can be drawn from them.","PeriodicalId":47393,"journal":{"name":"Minnesota Law Review","volume":"102 1","pages":"191-276"},"PeriodicalIF":3.0000,"publicationDate":"2017-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.2139/SSRN.2924854","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Minnesota Law Review","FirstCategoryId":"90","ListUrlMain":"https://doi.org/10.2139/SSRN.2924854","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}

引用次数: 14

Abstract

Cybersecurity is an increasingly important element of infrastructure and commerce. Courts are starting to shape the doctrine of third party liability for cyberattacks and data breaches. For businesses that rely on computers and the Internet, these developments affect their bottom line. There is a lot of interest in managing these emerging cyber risks and associated cyber losses, and many companies are looking to insurance policies for coverage. Unfortunately, commercial general liability policies are becoming narrower as insurers increasingly remove electronic data from the scope of coverage. Cyber insurance is becoming increasingly available, but the market for these policies is plagued by informational asymmetries, data scarcity, and high potential for moral hazard problems. In this article, we examine insurance as a risk management tool in the cybersecurity context, with special emphasis on the emerging market for cyber insurance and how to overcome the dangers to this market’s effectiveness and growth through better risk assessment. In order to understand the legal risk in policy coverage, we present an empirical study and findings regarding litigation concerning insurance coverage for cyber harms involving intangible property, digital data, and cybersecurity. Our work emphasizes the need for developing cyber-specific insurance products, instead of relying on commercial general liability (CGL) policies to cover cyber losses. We urge that collaboration between the government and private sector will be necessary to better estimate the technological risk in this cyber environment for insurance purposes. We also analogize the cyber insurance market to the Workers’ Compensation system and the National Flood Insurance Program (NFIP) and analyze the lessons that can be drawn from them.

查看原文本刊更多论文

通过网络保险市场和更好的风险评估加强网络安全

网络安全是基础设施和商业日益重要的组成部分。法院正开始塑造网络攻击和数据泄露的第三方责任原则。对于依赖电脑和互联网的企业来说，这些发展影响着他们的底线。人们对管理这些新兴的网络风险和相关的网络损失非常感兴趣，许多公司都在寻求保险政策的覆盖。不幸的是，随着保险公司越来越多地将电子数据从承保范围中移除，商业一般责任保单正变得越来越窄。网络保险的可用性越来越高，但这些政策的市场受到信息不对称、数据稀缺和潜在道德风险问题的困扰。在本文中，我们将研究保险作为网络安全背景下的风险管理工具，特别强调网络保险的新兴市场，以及如何通过更好的风险评估来克服影响该市场有效性和增长的危险。为了了解政策覆盖中的法律风险，我们对涉及无形财产、数字数据和网络安全的网络损害保险覆盖的诉讼进行了实证研究和发现。我们的工作强调需要开发网络专用保险产品，而不是依赖商业一般责任(CGL)政策来覆盖网络损失。我们敦促政府和私营部门之间的合作将是必要的，以便更好地评估这种网络环境中的技术风险，以实现保险目的。我们还将网络保险市场与工人赔偿制度和国家洪水保险计划(NFIP)进行了类比，并分析了可以从中吸取的教训。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Minnesota Law Review LAW-

CiteScore

1.40

自引率

0.00%

发文量

期刊介绍： In January 1917, Professor Henry J. Fletcher launched the Minnesota Law Review with lofty aspirations: “A well-conducted law review . . . ought to do something to develop the spirit of statesmanship as distinguished from a dry professionalism. It ought at the same time contribute a little something to the systematic growth of the whole law.” For the next forty years, in conjunction with the Minnesota State Bar Association, the faculty of the University of Minnesota Law School directed the work of student editors of the Law Review. Despite their initial oversight and vision, however, the faculty gradually handed the editorial mantle over to law students.