When to Treat Security Risks with Cyber Insurance

International Journal On Cyber Situational Awareness (IJCSA)

ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182

DOI: 10.22619/IJCSA

Published Semi-annually. Est. 2014


Dr Cyril Onwubiko, Chair – Cyber Security & Intelligence, E-Security Group, Research Series, London, UK; IEEE UK & Ireland Section Secretary

Associate Editors:

Professor Frank Wang, Head of School / Professor of Future Computing, Chair IEEE Computer Society, UK&RI, School of Computing, University of Kent, Canterbury, UK

Professor Karen Renaud, Professor of Cyber Security, University of Abertay, Dundee, Scotland, UK

When to Treat Security Risks with Cyber Insurance

Per Håkon Meland and Fredrik Seehusen


Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.

Keyword:Cyber insurance, risk quantification, risk profile, threats, decision making.  

ISSN: 2057-2182

Volume 3. No. 1

DOI: 10.22619/IJCSA.2018.100119

Date: Dec. 2018

Reference to this paper should be made as follows: Meland, P.H. & Seehusen, F. (2018). When to Treat Security Risks with Cyber Insurance. International Journal on Cyber Situational Awareness, Vol. 3, No. 1, pp. 39-60.

PDF Download