The project will explore why organisations, including SMEs, may or may not feel compelled to introduce sufficient cyber risk management measures to protect against cyber-attacks. It will analyse to what extent cyber insurance could encourage better cyber risk management practices. In doing so, research will seek to learn from the approaches of other mature insurance sectors to incentive secure behaviours. This research is funded by the National Cyber Security Centre (NCSC), in collaboration with the Research Institute in Sociotechnical Cyber Security (RISCS).
RUSI’s Cyber Research team will work in partnership with UoK to look at the effect of cyber insurance on secure behaviours. The project, titled “Incentivising Cybersecurity through Cyber Insurance (ICCI),” will explore to what extent cyber insurance could direct and guide secure behaviours, and examine how the benefits of cyber insurance could be promoted more widely.
Throughout the project, RUSI and UoK academic, Dr Jason Nurse, will consult widely with practitioners and policymakers from across government, academia, industry, and other subject matter experts. The final report for this project is scheduled for publication in March 2021. It will include recommendations for policymakers to consider on the role that cyber insurance could play in delivering the cyber security that the UK needs over the next decade and beyond.
RUSI is a not-for-profit, non-political organisation and is entirely independent of government. RUSI maintains full editorial independence throughout the publication process. Findings and recommendations are in no way influenced by project funders.