Business disruption from cyberattacks is a growing concern, yet cyberinsurance uptake remains low. Using an online behavioural economics experiment with 4800 participants across four EU countries, this study tests a predictive model of cyberinsurance adoption, incorporating elements of Protection Motivation Theory (PMT) and the Theory of Planned Behaviour (TPB) as well as factors in relation to risk propensity and price. During the experiment, participants were given the opportunity to purchase different cybersecurity measures and cyberinsurance products before performing an online task. Participants likelihood of suffering a cyberattack was dependent upon their adoption of cybersecurity measures and their behaviour during the online task. The consequences of any attack were dependent upon the participants insurance decisions. Structural equation modelling was applied and the model was further developed to include elements of the wider security ecosystem. The final model shows that all TPB factors, and response efficacy from the PMT, positively predicted adoption of premium cyberinsurance. Interestingly, adoption of cybersecurity measures was associated with safer behaviour online, contrary to concerns of “moral hazard”. The findings highlight the need to consider the larger cybersecurity ecosystem when designing interventions to increase adoption of cyberinsurance and/or promote more secure online behaviour.
- Protection motivation theory
- Theory of planned behaviour