The concept of cyber insurance and its role in the ISO-based risk management process: An industrial perspective
Department of Risk Management & Insurance, The Cracow University of Economics
Publication date: 2023-10-31
Cybersecurity and Law 2023;10(2):363-383
ABSTRACT
With cyber threats growing rapidly, cyber risk insurance is emerging as a solution that can complement traditional cyber security controls based on technical and organizational measures. Moreover, well-established risk management standards, such as ISO 31000 and the ISO/IEC 27000 family, identify cyber insurance as one of the options for financing the negative impact of cyber risk. Accordingly, the purpose of this paper is to present the concept of cyber insurance and its key features: the scope of coverage, areas of application, and the principles of underwriting and premium calculation. The analysis focuses on industrial enterprises, which in many cases form part of the state's critical infrastructure. They face not only pure cyber risk (loss of data, availability or confidentiality) but also cyber-physical risk, in which a cyber incident causes physical damage, which means a particularly high severity of potential losses. This study can have practical value in the context of the requirements of the new NIS 2 Directive.