Cyber Insurance from the stakeholder's perspective: a qualitative analysis of barriers and facilitators to adoption

Dawn Branley-Bell; Lynne Coventry; Pam Briggs

doi:10.1145/3549015.3554206

Cyber Insurance from the stakeholder's perspective: a qualitative analysis of barriers and facilitators to adoption

Dawn Branley-Bell, Lynne Coventry, Pam Briggs

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Business disruption from cyber-attacks is a recognized and growing concern, yet the uptake of cyber insurance has been substantially lower than expected. This study aimed to identify what factors may be influencing perceptions and uptake of cyber insurance. In-depth interviews were conducted with two stakeholder groups: those responsible for making cybersecurity decisions within businesses, and those involved in marketing cybersecurity products and/or services including cyber insurance. Thematic analysis generated five themes from the data: High complexity of company-level decision making, Security investment trade-off, Lack of risk data and immaturity of cyber insurance, Mistrust of insurers, and Compliance legislation as a driver for cyber insurance adoption. The results highlight the importance of recognizing that internal organizational decision making involves a complex eco-system which can make the process of obtaining and renewing cyber insurance an effortful process. Legislation may facilitate insurance uptake, but several external factors represent key barriers. There is a need for clearer policy wording, improved processes for cyber risk assessment, improved trust in insurers and lower policy premiums.

Original language	English
Title of host publication	Proceedings of EuroUSEC 2022
Subtitle of host publication	the 2022 European Symposium on Usable Security hybrid-onsite event, September 29 & 30, 2022 in Karlsruhe, Germany
Place of Publication	New York
Publisher	Association for Computing Machinery, Inc
Pages	151-159
Number of pages	9
ISBN (Electronic)	9781450397001
DOIs	https://doi.org/10.1145/3549015.3554206
Publication status	Published - 29 Sept 2022
Externally published	Yes
Event	2022 European Symposium on Usable Security - Karlsruhe, Germany Duration: 29 Sept 2022 → 30 Sept 2022 https://eurousec2022.secuso.org/#

Conference

Conference	2022 European Symposium on Usable Security
Abbreviated title	EuroUSEC 2022
Country/Territory	Germany
City	Karlsruhe
Period	29/09/22 → 30/09/22
Internet address	https://eurousec2022.secuso.org/#

Keywords

Cybersecurity
Cyber insurance
Policy
Risk assessment
Qualitative methods

Access to Document

10.1145/3549015.3554206

Cite this

Branley-Bell, D., Coventry, L., & Briggs, P. (2022). Cyber Insurance from the stakeholder's perspective: a qualitative analysis of barriers and facilitators to adoption. In Proceedings of EuroUSEC 2022: the 2022 European Symposium on Usable Security hybrid-onsite event, September 29 & 30, 2022 in Karlsruhe, Germany (pp. 151-159). Association for Computing Machinery, Inc. https://doi.org/10.1145/3549015.3554206

Branley-Bell, Dawn ; Coventry, Lynne ; Briggs, Pam. / Cyber Insurance from the stakeholder's perspective : a qualitative analysis of barriers and facilitators to adoption. Proceedings of EuroUSEC 2022: the 2022 European Symposium on Usable Security hybrid-onsite event, September 29 & 30, 2022 in Karlsruhe, Germany. New York : Association for Computing Machinery, Inc, 2022. pp. 151-159

@inproceedings{cc9746ed77cd4fd5a3b24a08f78ce3c4,

title = "Cyber Insurance from the stakeholder's perspective: a qualitative analysis of barriers and facilitators to adoption",

abstract = "Business disruption from cyber-attacks is a recognized and growing concern, yet the uptake of cyber insurance has been substantially lower than expected. This study aimed to identify what factors may be influencing perceptions and uptake of cyber insurance. In-depth interviews were conducted with two stakeholder groups: those responsible for making cybersecurity decisions within businesses, and those involved in marketing cybersecurity products and/or services including cyber insurance. Thematic analysis generated five themes from the data: High complexity of company-level decision making, Security investment trade-off, Lack of risk data and immaturity of cyber insurance, Mistrust of insurers, and Compliance legislation as a driver for cyber insurance adoption. The results highlight the importance of recognizing that internal organizational decision making involves a complex eco-system which can make the process of obtaining and renewing cyber insurance an effortful process. Legislation may facilitate insurance uptake, but several external factors represent key barriers. There is a need for clearer policy wording, improved processes for cyber risk assessment, improved trust in insurers and lower policy premiums.",

author = "Dawn Branley-Bell and Lynne Coventry and Pam Briggs",

note = "Funding Information: This research was funded by the European Union{\textquoteright}s Horizon 2020 research and innovation programme under the CYBECO grant agreement No 740920. Publisher Copyright: {\textcopyright} 2022 ACM.; 2022 European Symposium on Usable Security, EuroUSEC 2022 ; Conference date: 29-09-2022 Through 30-09-2022",

year = "2022",

month = sep,

day = "29",

doi = "10.1145/3549015.3554206",

language = "English",

pages = "151--159",

booktitle = "Proceedings of EuroUSEC 2022",

publisher = "Association for Computing Machinery, Inc",

url = "https://eurousec2022.secuso.org/#",

}

Branley-Bell, D, Coventry, L & Briggs, P 2022, Cyber Insurance from the stakeholder's perspective: a qualitative analysis of barriers and facilitators to adoption. in Proceedings of EuroUSEC 2022: the 2022 European Symposium on Usable Security hybrid-onsite event, September 29 & 30, 2022 in Karlsruhe, Germany. Association for Computing Machinery, Inc, New York, pp. 151-159, 2022 European Symposium on Usable Security, Karlsruhe, Germany, 29/09/22. https://doi.org/10.1145/3549015.3554206

Cyber Insurance from the stakeholder's perspective : a qualitative analysis of barriers and facilitators to adoption. / Branley-Bell, Dawn; Coventry, Lynne; Briggs, Pam.

Proceedings of EuroUSEC 2022: the 2022 European Symposium on Usable Security hybrid-onsite event, September 29 & 30, 2022 in Karlsruhe, Germany. New York : Association for Computing Machinery, Inc, 2022. p. 151-159.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Cyber Insurance from the stakeholder's perspective

T2 - 2022 European Symposium on Usable Security

AU - Branley-Bell, Dawn

AU - Coventry, Lynne

AU - Briggs, Pam

PY - 2022/9/29

Y1 - 2022/9/29

N2 - Business disruption from cyber-attacks is a recognized and growing concern, yet the uptake of cyber insurance has been substantially lower than expected. This study aimed to identify what factors may be influencing perceptions and uptake of cyber insurance. In-depth interviews were conducted with two stakeholder groups: those responsible for making cybersecurity decisions within businesses, and those involved in marketing cybersecurity products and/or services including cyber insurance. Thematic analysis generated five themes from the data: High complexity of company-level decision making, Security investment trade-off, Lack of risk data and immaturity of cyber insurance, Mistrust of insurers, and Compliance legislation as a driver for cyber insurance adoption. The results highlight the importance of recognizing that internal organizational decision making involves a complex eco-system which can make the process of obtaining and renewing cyber insurance an effortful process. Legislation may facilitate insurance uptake, but several external factors represent key barriers. There is a need for clearer policy wording, improved processes for cyber risk assessment, improved trust in insurers and lower policy premiums.

AB - Business disruption from cyber-attacks is a recognized and growing concern, yet the uptake of cyber insurance has been substantially lower than expected. This study aimed to identify what factors may be influencing perceptions and uptake of cyber insurance. In-depth interviews were conducted with two stakeholder groups: those responsible for making cybersecurity decisions within businesses, and those involved in marketing cybersecurity products and/or services including cyber insurance. Thematic analysis generated five themes from the data: High complexity of company-level decision making, Security investment trade-off, Lack of risk data and immaturity of cyber insurance, Mistrust of insurers, and Compliance legislation as a driver for cyber insurance adoption. The results highlight the importance of recognizing that internal organizational decision making involves a complex eco-system which can make the process of obtaining and renewing cyber insurance an effortful process. Legislation may facilitate insurance uptake, but several external factors represent key barriers. There is a need for clearer policy wording, improved processes for cyber risk assessment, improved trust in insurers and lower policy premiums.

U2 - 10.1145/3549015.3554206

DO - 10.1145/3549015.3554206

M3 - Conference contribution

AN - SCOPUS:85138470747

SP - 151

EP - 159

BT - Proceedings of EuroUSEC 2022

PB - Association for Computing Machinery, Inc

CY - New York

Y2 - 29 September 2022 through 30 September 2022

ER -

Branley-Bell D, Coventry L, Briggs P. Cyber Insurance from the stakeholder's perspective: a qualitative analysis of barriers and facilitators to adoption. In Proceedings of EuroUSEC 2022: the 2022 European Symposium on Usable Security hybrid-onsite event, September 29 & 30, 2022 in Karlsruhe, Germany. New York: Association for Computing Machinery, Inc. 2022. p. 151-159 Epub 2022 Sept 29. doi: 10.1145/3549015.3554206

Cyber Insurance from the stakeholder's perspective: a qualitative analysis of barriers and facilitators to adoption

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this