When to Treat Security Risks with Cyber Insurance

Category
Part of a book/report
Abstract
Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.
Client
  • Norges forskningsråd / 259869
Language
English
Author(s)
Affiliation
  • Norwegian University of Science and Technology
  • SINTEF Digital / Software Engineering, Safety and Security
  • SINTEF Digital / Software and Service Innovation
Year
2018
Publisher
IEEE
Book
2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), Glasgow UK, 11-12 June 2018
ISBN
978-1-5386-4565-9