The concept of cyber insurance and its role in the ISO-based risk management process: An industrial perspective
More details
Hide details
Department of Risk Management & Insurance, The Cracow University of Economics
Publication date: 2023-10-31
Cybersecurity and Law 2023;10(2):363-383
With cyber threats rapidly growing, cyber risk insurance is emerging as a solution that can complement traditional cyber security tools based on technical and organizational measures. Moreover, the well-established risk management standards, such as ISO 31000 and ISO 27000, identify cyber insurance as having an important role to play in financing the negative impact of cyber risk. Accordingly, the purpose of this paper is to present the concept of cyber insurance and its key features, such as scope of coverage, areas of application, underwriting and premium calculation principles. The analysis is focused on industrial enterprises, which in many cases belong to the state’s critical infrastructure. They face not only pure cyber risk, but also cyber-physical risk, which means particularly high severity of potential losses. This study can have practical value in the context of requirements of the new NIS 2 Directive.
Agrawal V., A Framework for the Information Classification in ISO 27005 Standard [in:] Proceedings of the IEEE 4th International Conference on Cyber Security and Cloud Computing, 26–28 June 2017, New York 2017.
Cyber risk. The emerging cyber threat to industrial control systems, Report by Lloyd’s & Guy Carpenter, https://assets.lloyds.com/medi... [access: 4.12.2022].
Global Risks Report 2021, World Economic Forum, http://www3.weforum.org/docs/W... [access: 23.11.2022].
ISO 31000:2018 – Risk management – Guidelines, Geneva 2018.
Latham D., Watkins P.R., Cyber Insurance: A Last Line of Defense When Technology Fails, „White Paper” 2014, no. 1675.
Principles for Board Governance of Cyber Risk. Insight Report, World Economic Forum, March 2021, http://www3.weforum.org/docs/W... [access: 27.11.2022].
Rejda G.E., McNamara M.J., Rabel W.H., Principles of Risk Management and Insurance, Essex 2022.
Strupczewski G., Rola państwa w rozwoju rynku ubezpieczeń cybernetycznych, Kraków 2020.
Journals System - logo
Scroll to top