Nowadays, it is very important for companies to secure their information and prevent cyber attacks. Hacker’s abilities are growing each year and especially firms with high levels of online operations are at risk. To compensate for losses related to breaches companies invest in cyber insurance. The cyber market will grow exponentially year after year. Just like any insurance protection plan, the customer pays a premium in exchange for the payout and piece of mind should the event take place. Cyber insurance, however, faces moral hazard challenges, like any other type of insurance. If someone buys a car with full insurance, this person is more likely to be involved in an accident because there is a built-in financial safety net in case a crash takes place. If the insurance policy would have a 50/50 chance of paying for the loss incurred, the person would likely drive more careful. Cyber insurance works much the same way. If a company knows it has protection itself, if might not invest in security practices. On the other hand, when a company is yet insured it might stop taking the precautions. As the cyber insurance sector grows, cyber security prevention practices may fall because spending on both cyber prevention and insurance might be too costly. However, before a policy is created, the insurance firm will conduct an assessment of the firm’s current practices. The more the business is protected, the lower the premium would be, which then encourages better protection practices. This virtuous circle helps to maintain firm’s in-house responsibility while growing the insurance market for those who need it. Cyber insurance does not solve the issue of attacks, but it is a piece of the puzzle that supports the other areas of risk management. The danger in this topic lies in the fact that companies who pay for the insurance, most probably have a less secured system.
http://theconversation.com/why-companies-have-little-incentive-to-invest-in-cybersecurity-37570
Bailey, L. (2014). Mitigating moral hazard in cyber-risk insurance.
http://www.techrepublic.com/article/cyberinsurance-experts-disagree-on-coverage-necessity/
