Browse > Article
http://dx.doi.org/10.13089/JKIISC.2017.27.5.1233

Risk Management Requirements for Cyber Insurance  

Lee, Song-ha (Department of MIS, Chungbuk National University)
Jun, Hyo-Jung (Department of ISM, Chungbuk National University)
Kim, Tae-Sung (Department of MIS, Chungbuk National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.27, no.5, 2017 , pp. 1233-1245 More about this Journal
Abstract
Cyber risk is rapidly increasing due to the hyperconnectivity of the IoT in the intelligent information society. Therefore cyber insurance has been attracting attention as a new risk management countermeasure by transferring cyber risk. However, cyber insurance is still a new concept in South Korea. The purpose of this study is to propose the concept of cyber insurance suitable for domestic demand by deriving the priority of cyber insurance coverage. Research results suggest that the most requisite cyber insurance types are business interruption and liability.
Keywords
Cyber Insurance; Cyber-security Insurance; Risk Management; Cyber Security; AHP;
Citations & Related Records
연도 인용수 순위
  • Reference
1 NIST, Small business information security: the fundamentals, NISTIR 7621(Rev.1), 2016.
2 So-In Byeon, Internet nayana offers compensation for ransomware, Sisajournal-E, Oct. 2017.
3 AGCS, Allianz risk barometer top business risks 2016, 2016.
4 P. Daniele, A. Maugeri and A. Nagurney, In Operations Research, Engineering, and Cyber Security, Springer International Publishing, pp. 117-134, Mar. 2017.
5 AGCS, A guide to cyber risk: managing the impact of increasing interconnectivity, Sep. 2015.
6 G. Stephen, Lloyd's CEO: cyber attacks cost companies $400 billion every year, Fortune, Jan. 2015.
7 Jason Healey and Goldman Sachs, Beyond data breaches: global interconnections of cyber risk, Zurich, Apr. 2014.
8 S. Basak, Attack on U.S. power grid could cost $1 trillion, Lioyd's says, Bloomberg Business, Jul. 2015.
9 Hye-Eun Lee, Current status and future tasks of cyber risk and cyber insurance, KIRI Report, Jan. 2017.
10 Office for National Statistics, Crime in england and wales: year ending sept 2016, Jan. 2017.
11 Byeong-Cheol One, Lazarus, a suspect to bank of bangladesh hacking is belonging to north korea?, Boannews, Apr. 2017.
12 R. Arash, C. Cloud, J. Midgley, J. M. Moyer and B. Strauss, 2016 deloitte asia-pacific defense outlook, Deloitte, 2016.
13 R. Ostvold and B. Walker, Business resilience in the face of cyber risk Accenture, 2015.
14 Ministry of Science and ICT and Korea Internet Security Agency, Survey on information security(business), Feb. 2017.
15 L. A. Gordon, M. P. Loeb and T. Sohail, "A framework for using insurance for cyber-risk management," Communications of the ACM, Vol. 46, No. 3, pp. 80-85, Mar. 2003.
16 A-leum Lee, Influence and implications of reputation risk on insurance companies, Global Issue, KIRI Weekly, Jun. 2015.
17 ENISA, Incentives and barriers of the cyber insurance market in europe, Jun. 2012.
18 Jae-Bock Lee, Principles of insurance, Dunam, 2008.
19 https://www.abi.org.uk/Insurance-and-savings/Products/Business-insurance/Cyber-risk-insurance(visited in 2017.4.19.)
20 https://www.marsh.com/ca/en/services/cyber-risk.html(visited in 2017.4.19.)
21 Sang-Soo Jang, Tae-Hee Cho, Seung-ho Shin, Dae-Hyun Sin, ISMS build and utilize, Life and Power Press, 2013.
22 Target, Form 10-K(Fiscal year 2015.1.31.), United States Security and Exchange Commission Fillings, 2015.
23 K. McGinty, Target data breach price tag: $252 million and counting, Advisen Cyber FPN, Feb. 2015.
24 H. Cavusoglu, B. Mishra and S. Raghunathan, "A model for evaluating IT security investments," Communications of the ACM, vol. 47, no. 7, pp. 87-92, 2004.   DOI
25 H. Cavusoglu, B. Mishra and S. Raghunathan, "The value of intrusion detection systems in information technology security architecture," Information Systems Research, vol. 16, no. 1, pp. 28-46, Mar. 2005.   DOI
26 L. D. Bodin, L. A. Gordon and M. P. Loeb, "Evaluating information security investments using the Analytic Hierarchy Process," Communications of the ACM, vol. 48, no. 2, pp. 78-83, Feb. 2005.   DOI
27 L. A. Gordon and M. P. Loeb, "The economics of information security investment," ACM Transactions on Information and System Security (TISSEC), vol. 5, no. 4, pp. 438-457, Nov. 2002.   DOI
28 R. L. Kumar, S. Park, and C. Subramaniam, "Understanding the value of countermeasure portfolios in information systems security," Journal of Management Information Systems, vol. 25, no. 2, pp. 241-280, 2008.   DOI
29 Gun-Hoon Shin, "A Study on the Market Status and Issues of e-Commerce Insurance," International Commerce and Information Review, 7(3), pp. 27-51. 2005.
30 Kong-Woo La, "A Study on relations of Insurance and damage of Electronic Commerce," The Journal of Korea Research Society for Customs, 4(1), pp.199-224, Dec. 2003.
31 Jin-Hee Hong, "Legal Issues of Insurance on Liability from Electronic Commerce," Institute for the Study of Law Dong-A University, (59), pp.325-359, May 2013.
32 Hong Kwon and Tae-Sung Kim, "A study on information Security Risk Management Using Insurance," Proceedings of the 2009 Korean Management Symposium, pp. 1-3, June 2009.
33 L. John, "Cyber-insurance-I do not think that word means what you think it mean," San Francisco, RSA Conference 2017, Feb. 2017.
34 Aon Benfield, Cyber-the fast moving target: benchmarking views and attitudes by industry, 2016.
35 So-Yang Lee, The latest trends in the US cyber insurance market, KIRI Report, June 2015.
36 PwC, Insurance 2020 & beyond: reaping the dividends of cyber resilience, 2015
37 Allianz Life Korea, Now is the time to prepare for the new cyber risk era, Sep. 2015.
38 Byeong-Cheol Won, Pay attention to cyber insurance in the information protection market in 2017, Boannews, Jan. 2017.
39 In-Soon Kim, Interpark, filed an administrative suit against 500 million penalty charges to korea communications commission, Etnews, Feb. 2017.
40 Yong-Sup Han, Personal information liability insurance 'nominal thing' (?), Joseilbo, Feb. 2014.
41 American Bankers Association, 2016 cyber insurance buying guide, 2016.
42 Byung-Hwan Bae and Kyung-Sik Min, Policy suggestions on how to activate the domestic information security insurance market, Internet & Security Focus, Jul. 2013.
43 Chang-Hee Choi and Hye-Ran Kim, Implications of overseas cyber liability insurance market growth, KIRI Weekly, Sep. 2014.
44 Hye-Won Byeon, Considerations for improving cyber insurance trends and cyber risk management, KIRI Weekly, Nov. 2015.
45 D. Nathans, "Cyber-insurance: fraud, waste or abuse?," San Francisco, RSA Conference 2017, Feb. 2017.
46 OECD, Supporting an effective cyber insurance market, 2017.
47 Risk Management Solutions, Inc. and Cambridge Centre for Risk Studies, Managing cyber insurance accumulating risk, 2016.
48 Deloitte, Inside, 7, Quarterly Insights from Deloitte, 2015 .
49 RIMS, Cyber insurance: considerations for businesses, 2017.
50 Advisen&PartnerRe, 2016 survey of cyber insurance market trends, 2016.
51 T. L. Satty, The analytic hierarchy process, New York: McGraw-Hill, 1980.
52 T. L. Satty and K. P. Kearns, Analytic planning-the organization of systems, lst Ed., Pergamon Press, Jan. 1985.
53 T. L. Saaty, "How to make a decision: the analytic hierarchy process," European Journal of Operational Research, vol. 48, no. 1, pp. 9-26, Sep. 1990.   DOI