In spite of its increasing relevance for businesses today, research on cyber risk is limited. Many papers have been devoted to the technological aspects, but relatively little research has been published in the business and economics literature. The existing articles emphasize the lack of data and the modelling challenges (e.g. Maillart and Sornette 2010; Biener, Eling and Wirfs, 2015), the complexity and dependent risk structure (e.g. Hofmann and Ramaj, 2011; Ögüt, Raghunathan, and Menon, 2011) or adverse selection and moral hazard issues (e.g. Gordon, Loeb, and Sohail, 2003). More recent research is concerned with potentially huge losses from worst-case scenarios such as the breakdown of critical information infrastructure (e.g. World Economic Forum, 2010; Ruffle et al., 2014; Lloyd’s, 2015b; Long Finance, 2015). In short, existing studies highlight challenges in the risk management and insurability of cyber risks.
The aim of this paper is to establish a database on studies, articles and working papers on cyber risk and cyber risk insurance. Based on this, we provide insurance practitioners and academics a high-level overview of the main research topics and future research directions in the field. The focus of the analysis will be on the business and economics literature in the risk and insurance domain. In order to provide a structured discussion of the relevant literature, we structure our analysis around three research clusters and 10 key questions (see Figure 1).
The paper begins by summarising the existing knowledge on cyber risk and cyber insurance. Here we provide a structured review of the existing literature considering seven main research questions, starting with the definition of cyber risk followed by a review of the cyber insurance market. Based on these results we then derive future work both from an academic and from a practical perspective; that is, we consider what the industry and the government could do in order to manage, insure, and prevent cyber risk. Moreover, potential research questions for academics are formulated.
