How cyber insurance influences the ransomware payment decision: theory and evidence

被引：5

作者：

Cartwright, Anna ^{[1
]}

Cartwright, Edward ^{[2
]}

MacColl, Jamie ^{[3
]}

Mott, Gareth ^{[4
]}

Turner, Sarah ^{[5
]}

Sullivan, James ^{[3
]}

Nurse, Jason R. C. ^{[5
]}

机构：

[1] Oxford Brookes Univ, Oxford Brookes Business Sch, Oxford, England

[2] De Montfort Univ, Dept Accounting Finance & Econ, Leicester, England

[3] Royal United Serv Inst, London, England

[4] Univ Kent, Sch Polit & Int Relat, Canterbury, England

[5] Univ Kent, Sch Comp, Canterbury, England

来源：

GENEVA PAPERS ON RISK AND INSURANCE-ISSUES AND PRACTICE | 2023年 / 48卷 / 02期

关键词：

Ransomware; Insurance; Cybersecurity; Double extortion; Moral hazard; Negotiation;

D O I：

10.1057/s41288-023-00288-8

中图分类号：

F8 [财政、金融];

学科分类号：

0202 ;

摘要：

In this paper, we analyse how cyber insurance influences the cost-benefit decision-making process of a ransomware victim. Specifically, we ask whether organisations with cyber insurance are more likely to pay a ransom than non-insureds. We propose a game-theoretic framework with which to categorise and distinguish different channels through which insurance may influence victim decision making. This allows us to identify ways in which insurance may incentivise or disincentivise payment of the ransom. Our framework is informed by data from semi-structured interviews with 65 professionals with expertise in cyber insurance, cybersecurity and/or ransomware, as well as data from the U.K. Cyber Security Breaches Survey. We find that perceptions are divided on whether victims with insurance are more (or less) likely to pay a ransom. Our model can reconcile these views once we take into account context specifics, such as the severity of the attack as measured by business interruption and restoration and/or the exfiltration of sensitive data.

引用

页码：300 / 331

页数：32

共 50 条

[1] How cyber insurance influences the ransomware payment decision: theory and evidence
Anna Cartwright
Edward Cartwright
Jamie MacColl
Gareth Mott
Sarah Turner
James Sullivan
Jason R. C. Nurse
The Geneva Papers on Risk and Insurance - Issues and Practice, 2023, 48 : 300 - 331
[2] Insurance and enterprise: cyber insurance for ransomware
Baker, Tom
Shortland, Anja
GENEVA PAPERS ON RISK AND INSURANCE-ISSUES AND PRACTICE, 2023, 48 (02): : 275 - 299
[3] Insurance and enterprise: cyber insurance for ransomware
Tom Baker
Anja Shortland
The Geneva Papers on Risk and Insurance - Issues and Practice, 2023, 48 : 275 - 299
[4] RANSOMWARE: A DARWINIAN OPPORTUNITY FOR CYBER INSURANCE
Kenneally, Erin
CONNECTICUT INSURANCE LAW JOURNAL, 2021, 28 (01): : 165 - 195
[5] Theory and estimation of the mortgage payment protection insurance decision
Pryce, G
SCOTTISH JOURNAL OF POLITICAL ECONOMY, 2002, 49 (02) : 216 - 234
[6] Between a rock and a hard(ening) place: Cyber insurance in the ransomware era
Mott, Gareth
Turner, Sarah
Nurse, Jason R. C.
MacColl, Jamie
Sullivan, James
Cartwright, Anna
Cartwright, Edward
COMPUTERS & SECURITY, 2023, 128
[7] A framework for cyber-risk insurance against ransomware: A mixed-method approach
Mukhopadhyay, Arunabha
Jain, Swati
INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, 2024, 74
[8] How environmental concern influences the investment decision:: an application of capital theory
Baumgärtner, S
Faber, M
Proops, J
ECOLOGICAL ECONOMICS, 2002, 40 (01) : 1 - 12
[9] Cyber Insurance Against Electronic Payment Service Outages A Document Study of Terms and Conditions from Electronic Payment Service Providers and Insurance Companies
Franke, Ulrik
SECURITY AND TRUST MANAGEMENT (STM 2018), 2018, 11091 : 73 - 84
[10] The evolution of ransomware attacks in light of recent cyber threats. How can geopolitical conflicts influence the cyber climate?
Fabian Teichmann
Sonia R. Boticiu
Bruno S. Sergi
International Cybersecurity Law Review, 2023, 4 (3): : 259 - 280

← 1 2 3 4 5 →