Cyber Insurance from the stakeholder's perspective: A qualitative analysis of barriers and facilitators to adoption

Dawn Branley-Bell; Lynne Coventry; Pam Briggs

doi:10.1145/3549015.3554206

Cyber Insurance from the stakeholder's perspective: A qualitative analysis of barriers and facilitators to adoption

Dawn Branley-Bell, Lynne Coventry, Pam Briggs

Psychology Department

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

28 Downloads (Pure)

Abstract

Business disruption from cyber-attacks is a recognized and growing concern, yet the uptake of cyber insurance has been substantially lower than expected. This study aimed to identify what factors may be influencing perceptions and uptake of cyber insurance. In-depth interviews were conducted with two stakeholder groups: those responsible for making cybersecurity decisions within businesses, and those involved in marketing cybersecurity products and/or services including cyber insurance. Thematic analysis generated five themes from the data: High complexity of company-level decision making, Security investment trade-off, Lack of risk data and immaturity of cyber insurance, Mistrust of insurers, and Compliance legislation as a driver for cyber insurance adoption. The results highlight the importance of recognizing that internal organizational decision making involves a complex eco-system which can make the process of obtaining and renewing cyber insurance an effortful process. Legislation may facilitate insurance uptake, but several external factors represent key barriers. There is a need for clearer policy wording, improved processes for cyber risk assessment, improved trust in insurers and lower policy premiums.

Original language	English
Title of host publication	EuroUSEC 2022
Subtitle of host publication	The 2022 European Symposium on Usable Security
Place of Publication	New York, US
Publisher	ACM
Pages	151-159
Number of pages	9
ISBN (Electronic)	9781450397001
ISBN (Print)	9781450397001
DOIs	https://doi.org/10.1145/3549015.3554206
Publication status	Published - 29 Sept 2022
Event	EuroUSEC 2022: 2022 European Symposium on Usable Security - Karlsruhe, Germany Duration: 29 Sept 2022 → 30 Sept 2022 https://eurousec2022.secuso.org/

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	EuroUSEC 2022
Country/Territory	Germany
City	Karlsruhe
Period	29/09/22 → 30/09/22
Internet address	https://eurousec2022.secuso.org/

Keywords

cyber insurance
cybersecurity
policy
qualitative methods
risk assessment

Access to Document

10.1145/3549015.3554206

3549015.3554206Final published version, 476 KB

Cite this

@inproceedings{235fafe5a9b24c6e8947764f70c1ac9f,

title = "Cyber Insurance from the stakeholder's perspective: A qualitative analysis of barriers and facilitators to adoption",

abstract = "Business disruption from cyber-attacks is a recognized and growing concern, yet the uptake of cyber insurance has been substantially lower than expected. This study aimed to identify what factors may be influencing perceptions and uptake of cyber insurance. In-depth interviews were conducted with two stakeholder groups: those responsible for making cybersecurity decisions within businesses, and those involved in marketing cybersecurity products and/or services including cyber insurance. Thematic analysis generated five themes from the data: High complexity of company-level decision making, Security investment trade-off, Lack of risk data and immaturity of cyber insurance, Mistrust of insurers, and Compliance legislation as a driver for cyber insurance adoption. The results highlight the importance of recognizing that internal organizational decision making involves a complex eco-system which can make the process of obtaining and renewing cyber insurance an effortful process. Legislation may facilitate insurance uptake, but several external factors represent key barriers. There is a need for clearer policy wording, improved processes for cyber risk assessment, improved trust in insurers and lower policy premiums. ",

keywords = "cyber insurance, cybersecurity, policy, qualitative methods, risk assessment",

author = "Dawn Branley-Bell and Lynne Coventry and Pam Briggs",

note = "Funding Information: This research was funded by the European Union{\textquoteright}s Horizon 2020 research and innovation programme under the CYBECO grant agreement No 740920.; EuroUSEC 2022 : 2022 European Symposium on Usable Security ; Conference date: 29-09-2022 Through 30-09-2022",

year = "2022",

month = sep,

day = "29",

doi = "10.1145/3549015.3554206",

language = "English",

isbn = "9781450397001",

series = "ACM International Conference Proceeding Series",

publisher = "ACM",

pages = "151--159",

booktitle = "EuroUSEC 2022",

address = "United States",

url = "https://eurousec2022.secuso.org/",

}

Branley-Bell, D, Coventry, L & Briggs, P 2022, Cyber Insurance from the stakeholder's perspective: A qualitative analysis of barriers and facilitators to adoption. in EuroUSEC 2022 : The 2022 European Symposium on Usable Security. ACM International Conference Proceeding Series, ACM, New York, US, pp. 151-159, EuroUSEC 2022, Karlsruhe, Germany, 29/09/22. https://doi.org/10.1145/3549015.3554206

Cyber Insurance from the stakeholder's perspective: A qualitative analysis of barriers and facilitators to adoption. / Branley-Bell, Dawn; Coventry, Lynne; Briggs, Pam.
EuroUSEC 2022 : The 2022 European Symposium on Usable Security. New York, US: ACM, 2022. p. 151-159 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Cyber Insurance from the stakeholder's perspective

T2 - EuroUSEC 2022

AU - Branley-Bell, Dawn

AU - Coventry, Lynne

AU - Briggs, Pam

N1 - Funding Information: This research was funded by the European Union’s Horizon 2020 research and innovation programme under the CYBECO grant agreement No 740920.

PY - 2022/9/29

Y1 - 2022/9/29

N2 - Business disruption from cyber-attacks is a recognized and growing concern, yet the uptake of cyber insurance has been substantially lower than expected. This study aimed to identify what factors may be influencing perceptions and uptake of cyber insurance. In-depth interviews were conducted with two stakeholder groups: those responsible for making cybersecurity decisions within businesses, and those involved in marketing cybersecurity products and/or services including cyber insurance. Thematic analysis generated five themes from the data: High complexity of company-level decision making, Security investment trade-off, Lack of risk data and immaturity of cyber insurance, Mistrust of insurers, and Compliance legislation as a driver for cyber insurance adoption. The results highlight the importance of recognizing that internal organizational decision making involves a complex eco-system which can make the process of obtaining and renewing cyber insurance an effortful process. Legislation may facilitate insurance uptake, but several external factors represent key barriers. There is a need for clearer policy wording, improved processes for cyber risk assessment, improved trust in insurers and lower policy premiums.

AB - Business disruption from cyber-attacks is a recognized and growing concern, yet the uptake of cyber insurance has been substantially lower than expected. This study aimed to identify what factors may be influencing perceptions and uptake of cyber insurance. In-depth interviews were conducted with two stakeholder groups: those responsible for making cybersecurity decisions within businesses, and those involved in marketing cybersecurity products and/or services including cyber insurance. Thematic analysis generated five themes from the data: High complexity of company-level decision making, Security investment trade-off, Lack of risk data and immaturity of cyber insurance, Mistrust of insurers, and Compliance legislation as a driver for cyber insurance adoption. The results highlight the importance of recognizing that internal organizational decision making involves a complex eco-system which can make the process of obtaining and renewing cyber insurance an effortful process. Legislation may facilitate insurance uptake, but several external factors represent key barriers. There is a need for clearer policy wording, improved processes for cyber risk assessment, improved trust in insurers and lower policy premiums.

KW - cyber insurance

KW - cybersecurity

KW - policy

KW - qualitative methods

KW - risk assessment

UR - http://www.scopus.com/inward/record.url?scp=85138470747&partnerID=8YFLogxK

U2 - 10.1145/3549015.3554206

DO - 10.1145/3549015.3554206

M3 - Conference contribution

SN - 9781450397001

T3 - ACM International Conference Proceeding Series

SP - 151

EP - 159

BT - EuroUSEC 2022

PB - ACM

CY - New York, US

Y2 - 29 September 2022 through 30 September 2022

ER -

Cyber Insurance from the stakeholder's perspective: A qualitative analysis of barriers and facilitators to adoption

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this