Incentivising Cyber Security Through Cyber Insurance

This project investigated the role of cyber insurance in incentivising cyber security behaviours within organisations.

Pexels Stock

The Incentivising Cybersecurity through Cyber Insurance (ICCI) project was a collaboration between the University of Kent (UoK) and the Royal United Services Institute (RUSI) which analysed ways in which cyber insurance could provide a significant lever to promote a step change towards better cyber risk management in organisations.

Work on ICCI was supported by the Research Institute in Sociotechnical Cyber Security (RISCS) and the National Cyber Security Centre (NCSC).

Pexels Stock

Project outputs

Access the key outputs of this research project.

Cyber Insurance and the Cyber Security Challenge
Episode 49: Helping Cyber Insurance Help Cyber Security

Cyber insurance is meant to protect businesses from cyber attacks. But does it help or hurt cyber security as it stands now? Cyber Research Analyst Jamie MacColl with the UK’s Royal United Services Institute (RUSI) gives us a primer on cyber insurance.

Cyber Security Incentives and the Role of Cyber Insurance


First, the research team published a literature review of key research areas as an Emerging Insights paper in December 2020. After gathering a large amount of primary data, the team published the final paper. The Occasional Paper, released in June 2021, found that cyber insurance’s contribution to improving cyber security practices is more limited than policymakers and businesses might hope.

ICCI’s research findings have been pivotal in helping decision makers to navigate cyber risk management approaches, understand challenges with incentives in the context of cyber insurance, and provide clear and actionable recommendations that can be adopted by policy makers and practitioners alike.

Explore related projects

Ransomware: The Role of Cyber Insurance

Ransomware Harms and the Victim Experience

Cyber Threats Programme

Cyber Resilience Programme

Analysing how to mitigate cyber risks through building cyber-resilient societies.