Maritime cyber-insurance: The Norwegian case

Ulrik Franke, Even Langfeldt Friberg, Hayretdin Bahşi

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

Major cyber incidents such as the Maersk case have demonstrated that the lack of cyber security can induce huge operational losses in the maritime sector. Cyber-insurance is an instrument of risk transfer, enabling organisations to insure themselves against financial losses caused by cyber incidents and get access to incident management services. This paper provides an empirical study of the use of cyber-insurance in the Norwegian maritime sector, with a particular emphasis on the effects of the General Data Protection Regulation and the Directive on Security of Network and Information Systems. Norway constitutes a significant case as a country having a highly mature IT infrastructure and well-developed maritime industry. Interviews were conducted with supplier- and demand-side maritime actors. Findings point to a widespread lack of knowledge about cyber-insurance. Furthermore, neither GDPR nor NIS were found to be significant drivers of cyber-insurance uptake among maritime organisations.

Original languageEnglish (US)
Pages (from-to)267-286
Number of pages20
JournalInternational Journal of Critical Infrastructures
Volume18
Issue number3
DOIs
StatePublished - 2022
Externally publishedYes

Keywords

  • cyber-insurance
  • information sharing
  • policy
  • regulation
  • risk
  • security

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • General Environmental Science
  • General Energy

Fingerprint

Dive into the research topics of 'Maritime cyber-insurance: The Norwegian case'. Together they form a unique fingerprint.

Cite this