Cyber Security Incentives and the Role of Cyber Insurance

This Emerging Insights paper outlines the opportunities of and challenges in using cyber insurance to incentivise cyber security practices. Its findings are based on a review of existing industry reports and academic research.

It forms part of an independent research project by RUSI and the University of Kent that provides actionable policy recommendations on how to incentivise cyber security through cyber insurance. They derive from a series of interviews and workshops with insurers, businesses, cyber security providers, government and other key stakeholders.

The paper identifies several policy questions raised by the existing literature. These questions serve to guide the next stage of the project and to prompt new conversations about how cyber insurance might better incentivise cyber security practices.