Abstract
Cybersecurity is a critical global challenge as organisations face increasingly sophisticated threats. While technical solutions remain essential, human decision-making plays a central role in determining cybersecurity outcomes. This study examines how individuals adopt cyberinsurance and protection measures, focusing on whether their decisions align with rational choice models. Using an online economic experiment with 4800 participants across four countries, we analyse purchasing behaviours and subsequent online security practices under varying scenarios of attack intentionality and pricing strategies. Our findings reveal that individuals deviate from expected utility maximisation, often choosing overprotective strategies with higher levels of insurance and security than economically optimal. We also find that contrary to concerns about moral hazard, insured individuals do not exhibit riskier behaviour post-adoption; instead, they maintain or enhance their security practices. Additionally, pricing mechanisms that link insurance premiums to protection levels promote more rational decision-making. These results highlight the interplay between human heuristics and cybersecurity strategies, suggesting that interventions must account for cognitive biases while designing effective cyberinsurance products and policies. This research contributes to the literature on behavioural economics in cybersecurity, offering insights into how decision-making frameworks can support more secure online environments.
Original language | English |
---|---|
Pages (from-to) | 1-14 |
Number of pages | 14 |
Journal | Behaviour and Information Technology |
Early online date | 23 Feb 2025 |
Publication status | E-pub ahead of print - 23 Feb 2025 |
Keywords
- Cybersecurity
- behavioural economics
- cyberinsurance
- empirical study