When to Treat Security Risks with Cyber Insurance
Chapter
Accepted version

Date
2018
Collections
- Publikasjoner fra CRIStin - SINTEF AS [5477]
- SINTEF Digital [2341]
Original version
2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), Glasgow UK, 11-12 June 2018, pp 22
Abstract
Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.