Using Cyber-Insurance as a Risk Management Strategy: Knowledge Gaps and Recommendations for Further Research
Research report
Permanent lenke
http://hdl.handle.net/11250/2379189Utgivelsesdato
2015Metadata
Vis full innførselSamlinger
- Publikasjoner fra CRIStin - SINTEF AS [5626]
- SINTEF Digital [2379]
Originalversjon
SINTEF Rapport A27298, 24 p. SINTEF, 2015Sammendrag
Risk transfer can be an economically favorable way of handling security and privacy issues, but choosing this option indiscriminately and without proper knowledge is a risk in itself. This report provides an overview of knowledge gaps related to cyber-insurance as a risk management strategy. These are grouped into three high-level topics; cyber-insurance products, understanding and measuring risk and estimation of consequences. The topics are further divided into 11 knowledge areas with recommendations for further research. The work is based on a study of academic literature and other written materials, such as various reports and newspaper articles. There is a clear lack of empirical data on cyber-insurance, and in particular qualitative studies aiming to understand and describe needs, obstacles and processes relevant for cyber-insurance. We recommend a stronger emphasis on research related to topics that are specific to cyber-insurance, covering decision models for buyers of insurance, barriers for information sharing, impact of cyber-insurance on security, and business models for insurers
Beskrivelse
-