This will help companies determine their current vulnerabilities and allow the insurance carrier to gauge the risk they are taking on by offering the policy to the entity.
[[Category:Wikipedia pages tagged for copyright problems|]] Information Technology is an inherent facet of virtually all modern businesses, the requirement for a separate product only exists because of a deliberate scoping exercise which has excluded theft and damage associated with modern technologies from the existing product lines.
[12] Around this same time, in 1999, David Walsh founded CFC Underwriting in the United Kingdom, a company which treats cyber as one of its main focus areas.
[15][16] The early meeting between Haase and 20 industry colleagues in Hawaii is now commonly referred to as the “Breach on the Beach” and is considered a pivotal moment at which cyber insurance was first recognized and celebrated.
In the late 1990s, when the business perspective of information security became more prominent, visions of cyber-insurance as a risk management tool were formulated.
Although its roots in the 1980s looked promising, battered by events such as Y2K and the 9/11 attacks, the market for cyber-insurance failed to thrive and remained in a niche for unusual demands.
The policy was spearheaded by Keith Daniels and Rob Hamesfahr then attorneys with the Chicago, IL law firm of Blatt, Hammesfahr & Eaton.
[[Category:Wikipedia pages tagged for copyright problems|]] The infrastructure, the users, and the services offered on computer networks today are all subject to a wide variety of risks posed by threats that include distributed denial of service attacks, intrusions of various kinds, eavesdropping,[22][23] hacking,[24] phishing, worms, viruses, spams, etc.
In this regard, some security researchers in the recent past have identified cyber-insurance as a potential tool for effective risk management.
Practicing 'duty of care' helps protect all interested parties - executives, regulators, judges, the public who can be affected by those risks.
[32] Information asymmetry has a significant negative effect on most insurance environments, where typical considerations include inability to distinguish between users of different (high and low risk) types, i.e., the so-called adverse selection problem, as well as users undertaking actions that adversely affect loss probabilities after the insurance contract is signed, i.e., the so-called moral hazard problem.
The survey found that 71% of CFOs believed that their insurance provider would cover "most or all" of the losses their company would suffer in a cyber security attack or crime.
Specifically, 50% of the CFOs mentioned that they anticipated after a cyber attack a devaluation of their company's brand while more than 30% expected a decline in revenue.
While the majority of cyber insurance claims will relate to simple criminal behaviour, increasingly companies are likely to fall victim to cyberwarfare attacks by nation-states or terrorist organizations - whether specifically targeted or simply collateral damage.
After the US and UK, governments characterized the NotPetya attack as a Russian military cyber-attack insurers are arguing that they do not cover such events.
While policy and legal studies [37] have had a sound say in why that is the case, it is the field of mathematical modeling research that have formally established the fact on why it is so.
The works by Lelarge and Bolot; and Shetty et al. present the benefits of cyber-insurance in incentivizing Internet users to invest appropriately in security.
However, their works address restricted market types that only consider independent residual cyber-risks from various user sources arriving to cyber-insurers.
Although Shetty et al. prove that cyber-insurance markets are inefficient under conditions of information asymmetry, their results do not generally extend to settings where insured organizations are networked among each other.
they prove that only in the case of aggregating light-tailed and independently sourced cyber-risks (a practically less probable event) will efficient cyber-insurance markets be sustainable.
The common message out of their study is that IT driven systems have too many vulnerabilities for computers to detect them (thereby eliminating information asymmetry) in practically feasible time - leave alone humans.
[[Category:Wikipedia pages tagged for copyright problems|]] In a recent academic effort, researchers Pal, Madnick, and Siegel from the Sloan School of Management at the Massachusetts Institute of Technology were the first to analyze the economic feasibility of cyber-CAT bond markets.
[citation needed] Many insurance companies have been hesitant to enter this coverage market, as sound actuarial data for cyber exposure is non-existent.