Cyber Risk Management with Risk Aware Cyber-Insurance in Blockchain Networks

While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars' research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.

Download Full-text

$\mathtt{FlipIn}$ : A Game-Theoretic Cyber Insurance Framework for Incentive-Compatible Cyber Risk Management of Internet of Things

IEEE Transactions on Information Forensics and Security ◽

10.1109/tifs.2019.2955891 ◽

2020 ◽

Vol 15 ◽

pp. 2026-2041 ◽

Cited By ~ 1

Author(s):

Rui Zhang ◽

Quanyan Zhu

Keyword(s):

Risk Management ◽

Internet Of Things ◽

Cyber Insurance ◽

Incentive Compatible ◽

Game Theoretic ◽

Cyber Risk

Download Full-text

Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm

Risks ◽

10.3390/risks9010024 ◽

2021 ◽

Vol 9 (1) ◽

pp. 24

Author(s):

Alessandro Mazzoccoli ◽

Maurizio Naldi

Keyword(s):

Risk Management ◽

Cyber Security ◽

Management Strategies ◽

Limited Liability ◽

Optimal Investment ◽

Cyber Insurance ◽

Risk Management Strategies ◽

Cyber Risk ◽

Investment Choices ◽

Very High

Investments in security and cyber-insurance are two cyber-risk management strategies that can be employed together to optimize the overall security expense. In this paper, we provide a closed form for the optimal investment under a full set of insurance liability scenarios (full liability, limited liability, and limited liability with deductibles) when we consider a multi-branch firm with correlated vulnerability. The insurance component results to be the major expense. It ends up being the only recommended approach (i.e., setting zero investments in security) when the intrinsic vulnerability is either very low or very high. We also study the robustness of the investment choices when our knowledge of vulnerability and correlation is uncertain, concluding that the uncertainty induced on investment by either uncertain correlation or uncertain vulnerability is not significant.

Download Full-text

Advancing Cyber Risk Insurance Underwriting Model Risk Management beyond VaR to Pre-Empt and Prevent the Forthcoming Global Cyber Insurance Crisis

SSRN Electronic Journal ◽

10.2139/ssrn.3081492 ◽

2017 ◽

Cited By ~ 1

Author(s):

Yogesh Malhotra

Keyword(s):

Risk Management ◽

Model Risk ◽

Cyber Insurance ◽

Risk Insurance ◽

Cyber Risk

Download Full-text

How Do I Embed Cyber Risk Management in All Aspects of the Organization?

10.1093/oso/9780197526545.003.0008 ◽

2021 ◽

pp. 160-172

Author(s):

Gregory Falco ◽

Eric Rosenbach

Keyword(s):

Risk Management ◽

Real World ◽

Mitigation Measures ◽

Critical Systems ◽

The Real ◽

Cyber Insurance ◽

Risk Framework ◽

Strategic Goals ◽

Cyber Risk

The question “How do I embed cyber risk management in all aspects of the organization?” addresses how to adopt an Embedded Endurance cyber risk strategy in your day-to-day work as a cyber leader. The chapter begins with a case study about the NotPetya cyberattack, which highlights ongoing challenges in cyber insurance and illuminates the need for embedding cyber mitigation measures across all prioritized critical systems, networks, and data. The chapter describes how to develop an Embedded Endurance cyber risk strategy that is customized for your organization. This chapter walks readers through the key elements of a cyber strategy, from start to finish. This includes defining a risk framework, setting strategic goals, identifying metrics, and establishing strong leadership. The chapter concludes with experiences highlighting the real-world importance of an Embedded Endurance cyber risk strategy from Rosenbach and Falco.

Download Full-text