Analysing the impact of cyber insurance on the cyber security ecosystem

Abstract

Cyberattacks are a constant threat to organisations worldwide. The uncertainty and difficulty of properly conducting cyber risk management processes do not make it easier for organisations to cope with cyberattacks. Cyber insurance can be a partial solution to the dilemma that organisations face. However, it has not seen the expected growth which is likely because the actual effects of cyber insurance are still unclear. Furthermore, barely any literature is available on the insurance policies that insurers can utilise to positively influence the ecosystem. Additionally, the researches in current literature, whilst providing useful insights, still lack the chaos, interconnectedness and unpredictability (dynamicity) that characterises the cyber security ecosystem. In order to close this knowledge gap and tackle the issue of dynamicity, a modelling study was conducted utilising agent-based modelling. The agent-based model was built to simulate the cyber security ecosystem and to test the effects of various cyber insurance policies. The main findings from this research were that the various insurance policy options had positive but rather small influences. The combination of several policy options into a synergetic design provided results with more observable effects on ecosystem level. However, altogether there were still no large positive effects brought forth by the insurance policies on the cyber security ecosystem.