Ransomware: The Role of Cyber Insurance

The project investigates the relationship between cyber insurance and ransomware.




‘Ransomware: The Role of Cyber Insurance’ (RaCI) is a multidisciplinary research project between RUSI, the University of Kent, De Montfort University and Oxford Brookes University. The project seeks to understand the role of cyber insurance in handling the challenges posed by ransomware and the impact on how governments, law enforcement and the insurance industry tackle ransomware.

This project is the next phase of RUSI’s collaboration with the University of Kent on cyber insurance.

Related project


Projects
Incentivising Cyber Security Through Cyber Insurance

This project investigated the role of cyber insurance in incentivising cyber security behaviours within organisations.

Aims and objectives

We are seeking to answer the following questions:

  • How has the rise in ransomware claims changed the cyber insurance market and cyber insurance coverage?
  • Can cyber insurers help make organisations more secure or resilient against ransomware?
  • What is the current role of insurers when a ransomware incident occurs?
  • How has this role changed and where may it be headed?
  • What are the incentives and disincentives to victims paying ransoms?
  • What sort of public–private partnerships between the insurance industry and government would be effective for tackling ransomware?
  • Is ransomware coverage sustainable for the insurance industry?


The project will combine an extensive literature review with stakeholder interviews and workshops to gain critical insights into the cyber insurance industry. This will involve engagements with a diverse global community, including insurance professionals, law enforcement, civil servants, cyber security and incident response experts, data breach lawyers and businesses.

RaCI’s research findings will be pivotal in helping decision-makers to navigate cyber risk management approaches, understand ransomware challenges in the context of cyber insurance, and provide clear and actionable recommendations that can be adopted by governments and practitioners alike.

Project outputs

The main project output will be the publication of an Occasional Paper in the summer of 2022 which will draw our research together, as well as two academic papers.


Explore related projects

Projects

Incentivising Cyber Security Through Cyber Insurance

Projects

Tackling Cyber Fraud

Future UK Cyber Security Strategy