Incentivising Cyber Security Through Cyber Insurance
This project investigated the role of cyber insurance in incentivising cyber security behaviours within organisations.
The Incentivising Cybersecurity through Cyber Insurance (ICCI) project was a collaboration between the University of Kent (UoK) and the Royal United Services Institute (RUSI) which analysed ways in which cyber insurance could provide a significant lever to promote a step change towards better cyber risk management in organisations.
Work on ICCI was supported by the Research Institute in Sociotechnical Cyber Security (RISCS) and the National Cyber Security Centre (NCSC).
Aims and objectives
This project had two key objectives. The first was to develop a clear understanding of the positive outcomes that cyber insurance could have in improving cyber risk management practices, and consequently, to define how these outcomes may be championed to better direct secure behaviours in organisations.
The second objective was to research the extent to which knowledge from the other, more mature insurance portfolios – such as property, natural hazards, maritime, terrorism and health – may be leveraged to advance thinking and practice in cyber insurance.
The project combined an extensive literature review with stakeholder interviews and focus groups to gain critical insights into the cyber insurance industry. This involved engagements with a diverse global community, including insurance professionals, policymakers, cyber security experts, and organisations (including SMEs).
Sponsor
UK National Cyber Security Centre (NCSC)
Incentivising Cybersecurity through Cyber Insurance project is funded by the UK National Cyber Security Centre (NCSC).
Find out more
Project outputs
Access the key outputs of this research project.
Cyber insurance is meant to protect businesses from cyber attacks. But does it help or hurt cyber security as it stands now? Cyber Research Analyst Jamie MacColl with the UK’s Royal United Services Institute (RUSI) gives us a primer on cyber insurance.
Impact
First, the research team published a literature review of key research areas as an Emerging Insights paper in December 2020. After gathering a large amount of primary data, the team published the final paper. The Occasional Paper, released in June 2021, found that cyber insurance’s contribution to improving cyber security practices is more limited than policymakers and businesses might hope.
ICCI’s research findings have been pivotal in helping decision makers to navigate cyber risk management approaches, understand challenges with incentives in the context of cyber insurance, and provide clear and actionable recommendations that can be adopted by policy makers and practitioners alike.
