IDEAS home Printed from https://ideas.repec.org/a/pal/gpprii/v48y2023i2d10.1057_s41288-022-00281-7.html
   My bibliography  Save this article

Insurance and enterprise: cyber insurance for ransomware

Author

Listed:
  • Tom Baker

    (University of Pennsylvania Carey Law School)

  • Anja Shortland

    (Kings College London)

Abstract

Selling insurance gives insurers an incentive to manage insured risks. The “insurance-as-governance” literature demonstrates that insurers often make insurance conditional on ex ante risk reduction or mitigation. But insurance governs in support of enterprise, not security for its own sake. Tight underwriting inhibits enterprise—not only for insured businesses but also for the business of insurance. This paper highlights ex post loss reduction as a form of insurance-based governance. Drawing on interviews with industry insiders, we explore how insurers addressed the evolving problems of moral hazard, uncertainty and correlated losses since the 1990s. We find that cyber insurance developed sophisticated remedies to contain liabilities and quickly restore affected IT systems, but largely left security decisions to the insured. This facilitated enterprise in the short run but undermined security in the longer term: funding and expediting ransom payments encourages further attacks. As businesses improved their resilience, cybercriminals adapted and ransoms escalated, calling insurability into question. Yet there remains little appetite for imposing restrictive conditionality in this highly competitive market. Instead, insurers have turned to governments to contain criminal threats and cushion catastrophic losses.

Suggested Citation

  • Tom Baker & Anja Shortland, 2023. "Insurance and enterprise: cyber insurance for ransomware," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 275-299, April.
    • Handle: RePEc:pal:gpprii:v:48:y:2023:i:2:d:10.1057_s41288-022-00281-7
    DOI: 10.1057/s41288-022-00281-7
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41288-022-00281-7
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1057/s41288-022-00281-7?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Walter T Karten, 1997. "How to Expand the Limits of Insurability*," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 22(4), pages 515-522, October.
    2. Baker, Tom & Griffith, Sean J., 2010. "Ensuring Corporate Misconduct," University of Chicago Press Economics Books, University of Chicago Press, number 9780226035154, October.
    3. Steven Shavell, 1982. "On Liability and Insurance," Bell Journal of Economics, The RAND Corporation, vol. 13(1), pages 120-132, Spring.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Mondello, Gérard, 2012. "La responsabilité environnementale des prêteurs : difficultés juridiques et ensemble des possibles," L'Actualité Economique, Société Canadienne de Science Economique, vol. 88(2), pages 257-278, Juin.
    2. Pål Andreas Pedersen, 2001. "A Game Theoretical Approach to Road Safety," Studies in Economics 0105, School of Economics, University of Kent.
    3. L. A. Franzoni, 2016. "Optimal liability design under risk and ambiguity," Working Papers wp1048, Dipartimento Scienze Economiche, Universita' di Bologna.
    4. Sjur Didrik Flåm & Elmar G. Wolfstetter, 2015. "Liability Insurance and Choice of Cars: A Large Game Approach," Journal of Public Economic Theory, Association for Public Economic Theory, vol. 17(6), pages 943-963, December.
    5. Gérard Mondello & Evens Salies, 2018. "The unilateral accidenct model under a constrained Cournot-Nash duopoly," Working Papers hal-03458358, HAL.
    6. Virginia Rosales-López, 2008. "Economics of court performance: an empirical analysis," European Journal of Law and Economics, Springer, vol. 25(3), pages 231-251, June.
    7. Luigi Alberto Franzoni, 2016. "Correlated Accidents," American Law and Economics Review, American Law and Economics Association, vol. 18(2), pages 358-384.
    8. Gérard Mondello, 2012. "The Equivalence of Strict Liability and Negligence Rule: A " Trompe l'œil " Perspective," Post-Print hal-00727223, HAL.
    9. Chi, Hsin-Yi & Weng, Tzu-Ching, 2014. "Managerial legal liability and Big 4 auditor choice," Journal of Business Research, Elsevier, vol. 67(9), pages 1857-1869.
    10. Andreas Richter & Thomas C. Wilson, 2020. "Covid-19: implications for insurer risk management and the insurability of pandemic risk," The Geneva Risk and Insurance Review, Palgrave Macmillan;International Association for the Study of Insurance Economics (The Geneva Association), vol. 45(2), pages 171-199, September.
    11. Lakdawalla, Darius & Zanjani, George, 2005. "Insurance, self-protection, and the economics of terrorism," Journal of Public Economics, Elsevier, vol. 89(9-10), pages 1891-1905, September.
    12. Gérard Mondello, 2013. "Ambiguous Beliefs on Damages and Civil Liability Theories"," Post-Print halshs-00929948, HAL.
    13. Donald J., Wright, 2011. "Medical malpractice and physician liability under a negligence rule," International Review of Law and Economics, Elsevier, vol. 31(3), pages 205-211, September.
    14. Dari-Mattiacci, Giuseppe & Langlais, Eric, 2012. "Social Wealth and Optimal Care," International Review of Law and Economics, Elsevier, vol. 32(2), pages 271-284.
    15. Mattiacci, Giuseppe Dari & Parisi, Francesco, 2003. "The cost of delegated control: vicarious liability, secondary liability and mandatory insurance," International Review of Law and Economics, Elsevier, vol. 23(4), pages 453-475, December.
    16. Mary A. Weiss & Sharon Tennyson & Laureen Regan, 2010. "The Effects of Regulated Premium Subsidies on Insurance Costs: An Empirical Analysis of Automobile Insurance," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 77(3), pages 597-624, September.
    17. Aaron Finkle, 2010. "Contracts in the Shadow of the Law: Optimal Litigation Strategies within Organizations," International Journal of Business and Economics, School of Management Development, Feng Chia University, Taichung, Taiwan, vol. 9(2), pages 131-155, August.
    18. Marcel Boyer & Donatella Porrini, 2010. "Optimal liability sharing and court errors: an exploratory analysis," Working Papers hal-00463913, HAL.
    19. Eberl, Jakob & Jus, Darko, 2012. "The year of the cat: Taxing nuclear risk with the help of capital markets," Energy Policy, Elsevier, vol. 51(C), pages 364-373.
    20. Hultkrantz, Lars & Nilsson, Jan-Eric & Arvidsson, Sara, 2012. "Voluntary internalization of speeding externalities with vehicle insurance," Transportation Research Part A: Policy and Practice, Elsevier, vol. 46(6), pages 926-937.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:gpprii:v:48:y:2023:i:2:d:10.1057_s41288-022-00281-7. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.palgrave-journals.com/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.