IDEAS home Printed from https://ideas.repec.org/a/pal/gpprii/v48y2023i2d10.1057_s41288-022-00281-7.html
   My bibliography  Save this article

Insurance and enterprise: cyber insurance for ransomware

Author

Listed:
  • Tom Baker

    (University of Pennsylvania Carey Law School)

  • Anja Shortland

    (Kings College London)

Abstract

Selling insurance gives insurers an incentive to manage insured risks. The “insurance-as-governance” literature demonstrates that insurers often make insurance conditional on ex ante risk reduction or mitigation. But insurance governs in support of enterprise, not security for its own sake. Tight underwriting inhibits enterprise—not only for insured businesses but also for the business of insurance. This paper highlights ex post loss reduction as a form of insurance-based governance. Drawing on interviews with industry insiders, we explore how insurers addressed the evolving problems of moral hazard, uncertainty and correlated losses since the 1990s. We find that cyber insurance developed sophisticated remedies to contain liabilities and quickly restore affected IT systems, but largely left security decisions to the insured. This facilitated enterprise in the short run but undermined security in the longer term: funding and expediting ransom payments encourages further attacks. As businesses improved their resilience, cybercriminals adapted and ransoms escalated, calling insurability into question. Yet there remains little appetite for imposing restrictive conditionality in this highly competitive market. Instead, insurers have turned to governments to contain criminal threats and cushion catastrophic losses.

Suggested Citation

  • Tom Baker & Anja Shortland, 2023. "Insurance and enterprise: cyber insurance for ransomware," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 275-299, April.
    • Handle: RePEc:pal:gpprii:v:48:y:2023:i:2:d:10.1057_s41288-022-00281-7
    DOI: 10.1057/s41288-022-00281-7
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41288-022-00281-7
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1057/s41288-022-00281-7?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Walter T Karten, 1997. "How to Expand the Limits of Insurability*," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 22(4), pages 515-522, October.
    2. Steven Shavell, 1982. "On Liability and Insurance," Bell Journal of Economics, The RAND Corporation, vol. 13(1), pages 120-132, Spring.
    3. Baker, Tom & Griffith, Sean J., 2010. "Ensuring Corporate Misconduct," University of Chicago Press Economics Books, University of Chicago Press, number 9780226035154, December.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Pål Andreas Pedersen, 2001. "A Game Theoretical Approach to Road Safety," Studies in Economics 0105, School of Economics, University of Kent.
    2. Sjur Didrik Flåm & Elmar G. Wolfstetter, 2015. "Liability Insurance and Choice of Cars: A Large Game Approach," Journal of Public Economic Theory, Association for Public Economic Theory, vol. 17(6), pages 943-963, December.
    3. Chi, Hsin-Yi & Weng, Tzu-Ching, 2014. "Managerial legal liability and Big 4 auditor choice," Journal of Business Research, Elsevier, vol. 67(9), pages 1857-1869.
    4. Lakdawalla, Darius & Zanjani, George, 2005. "Insurance, self-protection, and the economics of terrorism," Journal of Public Economics, Elsevier, vol. 89(9-10), pages 1891-1905, September.
    5. Gérard Mondello, 2013. "Ambiguous Beliefs on Damages and Civil Liability Theories"," Post-Print halshs-00929948, HAL.
    6. Donald J., Wright, 2011. "Medical malpractice and physician liability under a negligence rule," International Review of Law and Economics, Elsevier, vol. 31(3), pages 205-211, September.
    7. Mary A. Weiss & Sharon Tennyson & Laureen Regan, 2010. "The Effects of Regulated Premium Subsidies on Insurance Costs: An Empirical Analysis of Automobile Insurance," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 77(3), pages 597-624, September.
    8. Aaron Finkle, 2010. "Contracts in the Shadow of the Law: Optimal Litigation Strategies within Organizations," International Journal of Business and Economics, School of Management Development, Feng Chia University, Taichung, Taiwan, vol. 9(2), pages 131-155, August.
    9. Marcel Boyer & Donatella Porrini, 2010. "Optimal liability sharing and court errors: an exploratory analysis," Working Papers hal-00463913, HAL.
    10. Eberl, Jakob & Jus, Darko, 2012. "The year of the cat: Taxing nuclear risk with the help of capital markets," Energy Policy, Elsevier, vol. 51(C), pages 364-373.
    11. Hultkrantz, Lars & Nilsson, Jan-Eric & Arvidsson, Sara, 2012. "Voluntary internalization of speeding externalities with vehicle insurance," Transportation Research Part A: Policy and Practice, Elsevier, vol. 46(6), pages 926-937.
    12. Cohen, Alma & Dehejia, Rajeev, 2004. "The Effect of Automobile Insurance and Accident Liability Laws on Traffic Fatalities," Journal of Law and Economics, University of Chicago Press, vol. 47(2), pages 357-393, October.
    13. Boyer, Marcel & Porrini, Donatella, 2011. "The impact of court errors on liability sharing and safety regulation for environmental/industrial accidents," International Review of Law and Economics, Elsevier, vol. 31(1), pages 21-29, March.
    14. Bartsch, Elga, 1997. "Environmental liability, imperfect information, and multidimensional pollution control," International Review of Law and Economics, Elsevier, vol. 17(1), pages 139-146, March.
    15. Claude Fluet, 2002. "Assurance de responsabilité et aléa moral dans les régimes de responsabilité objective et pour faute," Revue d'économie politique, Dalloz, vol. 112(6), pages 845-861.
    16. Gérard Mondello, 2012. "La responsabilité environnementale des prêteurs : difficultés juridiques et ensemble des possibles," L'Actualité Economique, Société Canadienne de Science Economique, vol. 88(2), pages 257-278.
    17. Dari-Mattiacci, Giuseppe & Langlais, Eric, 2012. "Social Wealth and Optimal Care," International Review of Law and Economics, Elsevier, vol. 32(2), pages 271-284.
    18. Langlais, Eric, 2010. "Safety and the Allocation of Costs in Large Accidents," MPRA Paper 25710, University Library of Munich, Germany.
    19. Marie‐Cécile Fagart & Claude Fluet, 2009. "Liability insurance under the negligence rule," RAND Journal of Economics, RAND Corporation, vol. 40(3), pages 486-508, September.
    20. Gérard Mondello, 2017. "Un modèle d'accident unilatéral: incertitude non-radicale et estimations différenciées," GREDEG Working Papers 2017-12, Groupe de REcherche en Droit, Economie, Gestion (GREDEG CNRS), Université Côte d'Azur, France.

    More about this item

    Keywords

    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:gpprii:v:48:y:2023:i:2:d:10.1057_s41288-022-00281-7. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.palgrave-journals.com/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.