دانلود رایگان مقاله انگلیسی بازار بیمه سایبری در سوئد - نشریه الزویر

ABSTRACT

This article is a characterization of the cyber insurance market in Sweden. As empirical investigations of cyber insurance are rarely reported in the literature, the results are novel. The investigation is based on semi-structured interviews with 10 insurance companies active on the Swedish market, and additional interviews with 2 re-insurance companies and 3 insurance intermediaries. These informants represent essentially all companies selling cyber insurance on the Swedish market. Findings include descriptions of the coverages offered, including discrepancies between insurers, and the underwriting process used. Typical annual premiums are found to be in the span of some 5–10 kSEK per MSEK indemnity limit, i.e. 0.5–1% of the indemnity limit. For business interruption coverage, waiting periods are found to be relatively long compared to many outages. Furthermore, insurance companies impose information and IT security requirements on their customers, and do not insure customers that are too immature or have too poor security. Thus cyber insurance, in practice, is not merely an instrument of risk transfer, but also contains aspects of avoidance and mitigation. Based on the findings, market segmentation, pricing, business continuity, and asymmetry of information are discussed, and some future work is suggested.

6. Summary and conclusions

The results reported in this article offer an interesting picture of the cyber insurance market in Sweden. Market offerings are quite similar in covering both 1st party costs e.g. from business interruption, and 3rd party liabilities e.g. from data breaches. However, there are important discrepancies in the coverage of non-malicious events, the extent to which events at sub-contractors/service providers are covered, and the coverage for subsidiaries and corporate entities in different jurisdictions. The cyber insurance policies offered are not pure instruments of risk transfer, but typically also contain first response incident management, which is an important sales driver.

The Swedish cyber insurance market is rapidly growing, but cyber insurance in Sweden is currently mostly bought by large companies. This reflects a market segmentation where the standard products come with a complicated underwriting process tailoring offers to large customers, but some niche players are increasingly offering simpler policies aimed at smaller customers. Accurate pricing of cyber insurance is difficult and is based on expert models rather than on historical data. Lack of actuarial pricing is a cause for concern, at least among re-insurers who fear that pricing is wrong. In the long run, there is a belief among market actors that prices will become more accurate and converge, but there is some disagreement on whether this correction will mean lower or higher premiums, and whether it will be benign or a bubble bursting. Anyhow, increased competition has put pressure on premiums on the Swedish market. As a rough indication, the typical annual premium span is some 5–10 kSEK per MSEK indemnity limit, i.e. 0.5–1% of the indemnity limit.