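@comment{Conference paper from the 10th IET System Safety and CyberSecurity Conference (21-22 October 2015). The event name is stored in booktitle. The series and number fields carry the IET Conference Publications identifier CP682. The address field holds a country because the source record gives no publisher city. The author's given names appear only as initials in the source record.}
@inproceedings{e3ca7db355a44a03b21d6b27afc423df,
  author    = {Johnson, C. W.},
  title     = {The role of cyber-insurance, market forces, tort and regulation in the cyber-security of safety-critical industries},
  booktitle = {10th {IET} System Safety and {CyberSecurity} Conference},
  series    = {{IET} Conference Publications},
  number    = {CP682},
  publisher = {Institution of Engineering and Technology},
  address   = {United Kingdom},
  year      = {2015},
  isbn      = {9781785610929},
  doi       = {10.1049/cp.2015.0288},
  language  = {English},
  keywords  = {Cyber insurance, Cyber security, Regulation, Tort},
  note      = {Publisher Copyright: {\textcopyright} 2015, Institution of Engineering and Technology. All rights reserved.; Conference date: 21-10-2015 Through 22-10-2015},
  abstract  = {Market forces cannot be relied upon to ensure the cyber security of safety-critical industries. Companies often lack the technical information to make informed decisions, for instance about the security of Commercial Off The Shelf (COTS) software. The pressures of competition also make it difficult to justify the cost of securing supply chains. Regulatory intervention can address these concerns. However, the recent recession prevents regulatory agencies from funding the salaries and incentives needed to retain competent cyber-security specialists. Tort provides an alternative; companies can seek redress through the courts when service providers fail to meet security requirements. However, tort is typically used in the aftermath of a security breach; the general public may be exposed to considerable risk before litigation addresses existing vulnerabilities. Companies can purchase cyber-insurance to offset future liabilities. Under-writers have a strong motivation to work with policyholders; to improve cyber-security and thereby reduce their exposure. However, it is difficult for actuaries to account for the risks of future cyber attacks without accurate information about the frequency and consequences of previous attacks. The extent to which any country relies on market forces, tort, regulation and cyber-insurance is determined as much by political influence as by technical arguments. The political response to economic recession combines with the changing nature of cyber-risks and inconsistent approaches to the reporting of previous incidents to undermine the future resilience of safety-critical infrastructures. In contrast, we argue that improving cyber incident-reporting will support the actuarial basis of cyber insurance. This combined with a requirement for regulatory competence will assist companies in securing their chains of supply.},
}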