IDEAS home Printed from https://ideas.repec.org/a/pal/gpprii/v48y2023i2d10.1057_s41288-022-00281-7.html
   My bibliography  Save this article

Insurance and enterprise: cyber insurance for ransomware

Author

Listed:
  • Tom Baker

    (University of Pennsylvania Carey Law School)

  • Anja Shortland

    (Kings College London)

Abstract

Selling insurance gives insurers an incentive to manage insured risks. The “insurance-as-governance” literature demonstrates that insurers often make insurance conditional on ex ante risk reduction or mitigation. But insurance governs in support of enterprise, not security for its own sake. Tight underwriting inhibits enterprise—not only for insured businesses but also for the business of insurance. This paper highlights ex post loss reduction as a form of insurance-based governance. Drawing on interviews with industry insiders, we explore how insurers addressed the evolving problems of moral hazard, uncertainty and correlated losses since the 1990s. We find that cyber insurance developed sophisticated remedies to contain liabilities and quickly restore affected IT systems, but largely left security decisions to the insured. This facilitated enterprise in the short run but undermined security in the longer term: funding and expediting ransom payments encourages further attacks. As businesses improved their resilience, cybercriminals adapted and ransoms escalated, calling insurability into question. Yet there remains little appetite for imposing restrictive conditionality in this highly competitive market. Instead, insurers have turned to governments to contain criminal threats and cushion catastrophic losses.

Suggested Citation

  • Tom Baker & Anja Shortland, 2023. "Insurance and enterprise: cyber insurance for ransomware," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 275-299, April.
    • Handle: RePEc:pal:gpprii:v:48:y:2023:i:2:d:10.1057_s41288-022-00281-7
    DOI: 10.1057/s41288-022-00281-7
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41288-022-00281-7
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1057/s41288-022-00281-7?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Baker, Tom & Griffith, Sean J., 2010. "Ensuring Corporate Misconduct," University of Chicago Press Economics Books, University of Chicago Press, number 9780226035154, October.
    2. Steven Shavell, 1982. "On Liability and Insurance," Bell Journal of Economics, The RAND Corporation, vol. 13(1), pages 120-132, Spring.
    3. Walter T Karten, 1997. "How to Expand the Limits of Insurability*," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 22(4), pages 515-522, October.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Polinsky, A. Mitchell & Shavell, Steven, 2007. "The Theory of Public Enforcement of Law," Handbook of Law and Economics, in: A. Mitchell Polinsky & Steven Shavell (ed.), Handbook of Law and Economics, edition 1, volume 1, chapter 6, pages 403-454, Elsevier.
    2. Gérard Mondello & Evens Salies, 2018. "The Unilateral Accident Model under a Constrained Cournot-Nash Duopoly," GREDEG Working Papers 2018-14, Groupe de REcherche en Droit, Economie, Gestion (GREDEG CNRS), Université Côte d'Azur, France.
    3. Mondello, Gérard, 2012. "La responsabilité environnementale des prêteurs : difficultés juridiques et ensemble des possibles," L'Actualité Economique, Société Canadienne de Science Economique, vol. 88(2), pages 257-278, Juin.
    4. Dionne, Georges & Harrington, Scott, 2017. "Insurance and Insurance Markets," Working Papers 17-2, HEC Montreal, Canada Research Chair in Risk Management.
    5. Pål Andreas Pedersen, 2001. "A Game Theoretical Approach to Road Safety," Studies in Economics 0105, School of Economics, University of Kent.
    6. Donald J., Wright, 2011. "Medical malpractice and physician liability under a negligence rule," International Review of Law and Economics, Elsevier, vol. 31(3), pages 205-211, September.
    7. Lee Kangoh, 2016. "Risk Aversion, the Hand Rule, and Comparison between Strict Liability and the Negligence Rule," Review of Law & Economics, De Gruyter, vol. 12(2), pages 261-274, July.
    8. L. A. Franzoni, 2016. "Optimal liability design under risk and ambiguity," Working Papers wp1048, Dipartimento Scienze Economiche, Universita' di Bologna.
    9. Bartsch, Elga, 1997. "Environmental liability, imperfect information, and multidimensional pollution control," International Review of Law and Economics, Elsevier, vol. 17(1), pages 139-146, March.
    10. Qihao He & Michael Faure & Chengwei Liu, 2023. "The possibilities and limits of insurance as governance in insuring pandemics," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(3), pages 641-668, July.
    11. Sjur Didrik Flåm & Elmar G. Wolfstetter, 2015. "Liability Insurance and Choice of Cars: A Large Game Approach," Journal of Public Economic Theory, Association for Public Economic Theory, vol. 17(6), pages 943-963, December.
    12. Jorge Lemus & Emil Temnyalov & John L. Turner, 2021. "Liability Insurance: Equilibrium Contracts under Monopoly and Competition," American Economic Journal: Microeconomics, American Economic Association, vol. 13(1), pages 83-115, February.
    13. Virginia Rosales-López, 2008. "Economics of court performance: an empirical analysis," European Journal of Law and Economics, Springer, vol. 25(3), pages 231-251, June.
    14. Luigi Alberto Franzoni, 2016. "Correlated Accidents," American Law and Economics Review, American Law and Economics Association, vol. 18(2), pages 358-384.
    15. Gérard Mondello, 2020. "Strict Liability vs Negligence: Is Economic Efficiency a Relevant Comparison Criterion?," GREDEG Working Papers 2020-18, Groupe de REcherche en Droit, Economie, Gestion (GREDEG CNRS), Université Côte d'Azur, France.
    16. Hofmann, Annette, 2005. "Internalizing externalities of loss-prevention through insurance monopoly: An analysis of interdependent risks," Working Papers on Risk and Insurance 16, University of Hamburg, Institute for Risk and Insurance.
    17. Luigi Alberto Franzoni, 2024. "Efficient liability law when parties genuinely disagree," The Journal of Law, Economics, and Organization, Oxford University Press, vol. 40(2), pages 416-433.
    18. Meng-Chi Chueh & Shen-Ho Chang, 2022. "Effects of Directors and Officers Insurance on Earnings Management Strategies: Moderating Role of Restatement Announcements," International Journal of Business and Economic Sciences Applied Research (IJBESAR), Democritus University of Thrace (DUTH), Kavala Campus, Greece, vol. 15(1), pages 71-93, July.
    19. Timothy J. Brennan & Carolyn Kousky & Molly Macauley, 2009. "More Than a Wing and a Prayer: Government Indemnification of the Commercial Space Launch Industry," UMBC Economics Department Working Papers 09-112, UMBC Department of Economics, revised 01 Sep 2009.
    20. Gérard Mondello, 2012. "The Equivalence of Strict Liability and Negligence Rule: A " Trompe l'œil " Perspective," Post-Print hal-00727223, HAL.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:gpprii:v:48:y:2023:i:2:d:10.1057_s41288-022-00281-7. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.palgrave-journals.com/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.