Cyberinsurance Policy Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks

Cyberinsurance Policy Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks

Why cyberinsurance has not improved cybersecurity and what governments can do to make it a more effective tool for cyber risk management. As cybersecurity incidents-ranging from data breaches and denial-of-service attacks to computer fraud and ransomware-become more common, a cyberinsurance industry...

Full description

Saved in:
Bibliographic Details
Main Author: Wolff, Josephine (auth)
Format: Electronic Book Chapter
Language:English
Published: Cambridge The MIT Press 2022
Series:Information Policy
Subjects:
Insurance & actuarial studies
Network security
Regional government policies
Cybersecurity
cyberinsurance
cyber risk management
history of insurance
systemic risk
catastrophic risk
interconnected risk
Online Access:DOAB: download the publication
DOAB: description of the publication
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Why cyberinsurance has not improved cybersecurity and what governments can do to make it a more effective tool for cyber risk management. As cybersecurity incidents-ranging from data breaches and denial-of-service attacks to computer fraud and ransomware-become more common, a cyberinsurance industry has emerged to provide coverage for any resulting liability, business interruption, extortion payments, regulatory fines, or repairs. In this book, Josephine Wolff offers the first comprehensive history of cyberinsurance, from the early "Internet Security Liability" policies in the late 1990s to the expansive coverage offered today. Drawing on legal records, government reports, cyberinsurance policies, and interviews with regulators and insurers, Wolff finds that cyberinsurance has not improved cybersecurity or reduced cyber risks. Wolff examines the development of cyberinsurance, comparing it to other insurance sectors, including car and flood insurance; explores legal disputes between insurers and policyholders about whether cyber-related losses were covered under policies designed for liability, crime, or property and casualty losses; and traces the trend toward standalone cyberinsurance policies and government efforts to regulate and promote the industry. Cyberinsurance, she argues, is ineffective at curbing cybersecurity losses because it normalizes the payment of online ransoms, whereas the goal of cybersecurity is the opposite-to disincentivize such payments to make ransomware less profitable. An industry built on modeling risk has found itself confronted by new technologies before the risks posed by those technologies can be fully understood.
Physical Description:1 electronic resource (296 p.)
ISBN:mitpress/13665.001.0001
9780262370752
9780262544184
DOI:10.7551/mitpress/13665.001.0001
Access:Open Access

Similar Items