Ransomware: The Role of Cyber Insurance

The project investigates the relationship between cyber insurance and ransomware.

‘Ransomware: The Role of Cyber Insurance’ (RaCI) is a multidisciplinary research project between RUSI, the University of Kent, De Montfort University and Oxford Brookes University. The project seeks to understand the role of cyber insurance in handling the challenges posed by ransomware and the impact on how governments, law enforcement and the insurance industry tackle ransomware.

This project is the next phase of RUSI’s collaboration with the University of Kent on cyber insurance.

Related projects

Incentivising Cyber Security Through Cyber Insurance

This project investigated the role of cyber insurance in incentivising cyber security behaviours within organisations.

Ransomware Harms and the Victim Experience

This project examines the impact of ransomware on victims, economies and societies.

Aims and objectives

We are seeking to answer the following questions:

  • How has the rise in ransomware claims changed the cyber insurance market and cyber insurance coverage?
  • Can cyber insurers help make organisations more secure or resilient against ransomware?
  • What is the current role of insurers when a ransomware incident occurs?
  • How has this role changed and where may it be headed?
  • What are the incentives and disincentives to victims paying ransoms?
  • What sort of public–private partnerships between the insurance industry and government would be effective for tackling ransomware?
  • Is ransomware coverage sustainable for the insurance industry?

The project will combine an extensive literature review with stakeholder interviews and workshops to gain critical insights into the cyber insurance industry. This will involve engagements with a diverse global community, including insurance professionals, law enforcement, civil servants, cyber security and incident response experts, data breach lawyers and businesses.

RaCI’s research findings will be pivotal in helping decision-makers to navigate cyber risk management approaches, understand ransomware challenges in the context of cyber insurance, and provide clear and actionable recommendations that can be adopted by governments and practitioners alike.

Project outputs

The main project output will be the publication of an Occasional Paper in the summer of 2022 which will draw our research together, as well as two academic papers.

Explore related projects


Incentivising Cyber Security Through Cyber Insurance

Ransomware Harms and the Victim Experience

Cyber Threats Programme

Cyber Resilience Programme

Analysing how to mitigate cyber risks through building cyber-resilient societies.

Cyber Threats Programme

Analysing the types of cyber threats facing societies and identifying how to mitigate them.