The role of cyber-insurance, market forces, tort and regulation in the cyber-security of safety-critical industries

C. W. Johnson*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

Market forces cannot be relied upon to ensure the cyber-security of safety-critical industries. Companies often lack the technical information to make informed decisions, for instance about the security of Commercial Off The Shelf (COTS) software. The pressures of competition also make it difficult to justify the cost of securing supply chains. Regulatory intervention can address these concerns. However, the recent recession prevents regulatory agencies from funding the salaries and incentives needed to retain competent cyber-security specialists. Tort provides an alternative; companies can seek redress through the courts when service providers fail to meet security requirements. However, tort is typically used in the aftermath of a security breach; the general public may be exposed to considerable risk before litigation addresses existing vulnerabilities. Companies can purchase cyber-insurance to offset future liabilities. Underwriters have a strong motivation to work with policyholders to improve cyber-security and thereby reduce their exposure. However, it is difficult for actuaries to account for the risks of future cyber attacks without accurate information about the frequency and consequences of previous attacks. The extent to which any country relies on market forces, tort, regulation and cyber-insurance is determined as much by political influence as by technical arguments. The political response to economic recession combines with the changing nature of cyber-risks and inconsistent approaches to the reporting of previous incidents to undermine the future resilience of safety-critical infrastructures. In contrast, we argue that improving cyber incident-reporting will support the actuarial basis of cyber-insurance. This, combined with a requirement for regulatory competence, will assist companies in securing their chains of supply.

Original language: English
Title of host publication: IET Conference Publications
Publisher: Institution of Engineering and Technology
Edition: CP682
ISBN (Electronic): 9781785610929
ISBN (Print): 9781785610929
Publication status: Published - 2015
Externally published: Yes
Event: 10th IET System Safety and CyberSecurity Conference - Bristol, United Kingdom
Duration: 21 Oct 2015 to 22 Oct 2015

Publication series

Name: IET Conference Publications
Number: CP682
Volume: 2015

Conference

Conference: 10th IET System Safety and CyberSecurity Conference
Country/Territory: United Kingdom
City: Bristol
Period: 21/10/15 to 22/10/15
