The effect of cyber-risk insurance to social welfare
| Published date | 02 May 2017 |
| DOI | https://doi.org/10.1108/JFC-05-2016-0035 |
| Date | 02 May 2017 |
| Pages | 329-346 |
| Author | Damla Kuru,Sema Bayraktar |
| Subject Matter | Accounting & Finance,Financial risk/company failure,Financial crime |
The effect of cyber-risk
insurance to social welfare
Damla Kuru
Department of Financial Economics, Istanbul Bilgi Universitesi,
Istanbul, Turkey, and
Sema Bayraktar
Department of Banking and Finance, School of Applied Science,
Istanbul Bilgi Universitesi, Istanbul, Turkey
Abstract
Purpose –Previous studies generally focused on the denition of cybercrime and its effect on the market.
Following Kesan’s study, this paper aims to analyse the relationship between cyber insurance and social
welfare and compare it among three countries, namely, USA, UK and Turkey. The paper also discusses the
main obstacles that the cyber insurer has to deal with and its effect on social welfare. This paper answers two
questions related to cyber insurance at an aggregate level. First, “what kind of contribution does cyber
insurance make to social welfare?” Second,“What kind of problems do insurers and insured have to face?”
Although the ndings are similar to Kesan’s study, this study gives an opportunity to make a country-based
study and interpret the results with a different perspective.
Design/methodology/approach –The calculation of utility is also important for interpreting social
welfare in the market. Consumer behaviour under uncertainty constructs the background for this paper
because the risks of malicious attacks are contingent and independent, which means that consumers have to
make their decisions under uncertainty. Von-Neumann-Morgenstern utility function is used for interpreting
consumer’s behaviour.
Findings –Basically, there are two important conclusions that can derive for cyber insurance. First, cyber
insurance can be dened as a higher security investment when coupled with increased levels of safety and a
robust IT infrastructure. Second, cyber insurance, as a high-security investment, would have a positive impact
on social welfare by making the internet safer for all users. The results show that the problems that lead to
market failure can be virtually eliminated with an accurate risk assessment that leads to appropriate premium
levels for insured. These results are consistent with those of study by Kesan et al. (2006).
Research limitations/implications –Data availability for different industries have limited the ability
to compare the impact of cyber-crime to different sectors.
Originality/value –Technological devices have become part of our daily life. Although they have brought
us increasing access to all types of information, including opportunities for business, they have also increased
the risk of malicious attacks and the risk of e-crime. By replicating the economic model used by Kesan et al.
(2006), social welfare losses and insurance premiums are calculated for three countries: USA, UK and Turkey.
Questions pertaining to contribution of cyber insurance to social welfare and problems faced by insurers and
insured are addressed.
Keywords Cyber risk, Social welfare, Cyber risk insurance
Paper type Research paper
1. Introduction
Technological devices have become part of our daily life. Although they have brought us
increasing access to all types of information, including opportunities for business, they have
also increased the risk of malicious attacks and the risk of e-crime. Cyber-crime is dened as
a criminal activity or crime that involves all computer technologies. Identity theft, phishing,
internet bullying and industrial espionage are just a few examples of cyber-crime activity. As
The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/1359-0790.htm
Cyber-risk
insurance
329
Journalof Financial Crime
Vol.24 No. 2, 2017
pp.329-346
©Emerald Publishing Limited
1359-0790
DOI 10.1108/JFC-05-2016-0035
a result of cyber-crime against banks, nancial institutions, social organizations, the energy
sector, the pharmaceutical sector and other industries, companies and governmental
organizations have had to pay millions of dollars every year in nancial losses. The risk of
loss of intellectual property and the nancial loss directly related to cyber-crime increases
day-by-day.
According to the US Department of Justice, cyber-crime is one of the top threats facing the
USA, and it has excessive implications for their national security. In the year of 2011, USA
spent almost US$9m due to cyber-crime and today, the cost of cybercrime continues to be
very costly not just for USA but even for the world. The estimated cost in the USA is between
US$24bn to US$120bn (McAfee), compared to the worldwide cost (US$400bn), a rate that is
pretty high. In 2014, the loss related to cybercrime had reached 0.64 per cent of the gross
domestic product (GDP) (USA). In the USA, the problem of e-crime has become a national
political issue. There are a lot of researches and many reports about malicious attacks and
cybercrime in the USA. They make a national effort to investigate high-tech crimes, like
cyber-based terrorism, espionage […] etc. Although laws and legislation in the USA strictly
protect cyberspace, people, organizations and companies are still harmed by cyber-attacks.
In early 1990’s, cyber-insurance was generated as an alternative product to protect
companies and individuals against the risk of e-crime. Today, the cyber insurance market
has grown proportionally to cyber-attack frequency. The report written by Deloitte (Hurtaud
et al., 2015), the US cyber insurance market accounts for almost 90 per cent of the Global
Market and estimated gross premiums generated were US$1.3bnfor 2013 and US$2bnfor
2014.
Cybercrime has also become a top urgent national political issue in the United Kingdom
(UK). In a study by the House of Commons (Home Affairs Committee E-Crime, 2013), a
number of their witnesses emphasized scepticism regarding the annual estimated cost to the
country of £27bn. Moreover, UK exposed around 44 million cyber attacks in 2011, and
compared to the frequency worldwide, this ratio was quite high. Considering the report of
McAfee (2014), the cyber loss has reached 0.16 per cent of UK’s GDP. Like USA, there are lots
of researches and reports about cyber-crime. According to a report by the National Audit
Ofce in 2013, cyber security became one of the four top risks for UK national security in
2010. To minimize the risk and increase the awareness, government has worked with the
private sector to implement policies and programmes. To compete with the malicious e-crime
and other malicious cyber attacks, the government released its Cyber Security Strategy in
November 2011.
Today, Turkey is also one of the top country in the world with increasing cybercrime
probability. Like USA and UK, cybercrime is an important matter in Turkey and it has
become a national political issue. Cyber Security Intelligence Service (CSIS) has made a
research over cybercrime, and their ndings show that Turkey is increasingly exposed
to cybercrime because the Internet usage is increasing day-by-day whereas prevention is
limited. Although there are several research and projects to mitigate the effect of
cybercrime, they are impotent to prevent the probability of cyber risks. “National
Cyberspace Security Policy”, a cyber security analysis of Turkey was prepared in 2008
by the collaboration of 19 Government agencies and was submitted to the ofce of the
Prime Minister. The main purpose of this document is to identify the steps Turkey can
take nationwide to be prepared against cyberspace attacks in the cyber space and to
recover in a resilient manner.
Cyber insurance, has been in the market only for three or four years in Turkey. It is a
brand new product. Although some giant companies are interested in cyber insurance, its use
is still low. Many industries in Turkey still do not know even the existence of this product.
JFC
24,2
330
To continue reading
Request your trial