Skip navigation
Cyberinsurance Policy
Book

Cyberinsurance Policy

Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks (Information Policy)

MIT Press, 2022 more...

Buy book or audiobook


Editorial Rating

8

Qualities

  • Comprehensive
  • Eye Opening
  • Hot Topic

Recommendation

The cyber insurance market faces growing pains, as computer systems are becoming increasingly embedded in all aspects of business and crime, says cybersecurity expert Josephine Wolff. Insurers lack a clear definition of cybercrime and are working in an unregulated industry without adequate support from policymakers, she explains. Wolff guides readers through the complex challenges emerging cyber threats present while making suggestions to policymakers and insurers regarding how to mitigate the impacts of mass-scale cyberattacks better. 

Summary

Cyber risks pose new, complex challenges to insurers, leaving companies vulnerable.

NotPetya, one of the world’s most destructive pieces of malware, took down computer systems at major US corporations in 2017, including consumer goods manufacturer Reckitt Benckiser and Deerfield, Illinois-based snack company Mondelez International. NotPetya took control of 10% of computers in Ukraine, leading to suspicions of Russian military involvement. The insurer Zurich refused to pay out Mondelez’s claim, arguing that it wasn’t responsible for damage or losses caused by “hostile or warlike action in time of peace or war.” The logic behind Zurich’s exclusion wasn’t clear-cut: Was a cyberattack on the US manufacturer of Oreo cookies and Ritz Crackers an act of war? The case remains undecided today, as Zurich pursued settlement negotiations outside of court, drawing attention to the complexities and ambiguity in the cyber insurance industry.

Cybersecurity risks differ from other forms of risk in a critical way: Insurers rarely find themselves having to pay out multiple claims simultaneously, yet cybersecurity...

About the Author

Josephine Wolff is a Tufts University associate professor of cybersecurity policy and the author of You’ll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches.