Abstract
Major cyber incidents such as the Maersk case have demonstrated that the lack of cyber security can induce huge operational losses in the maritime sector. Cyber-insurance is an instrument of risk transfer, enabling organisations to insure themselves against financial losses caused by cyber incidents and get access to incident management services. This paper provides an empirical study of the use of cyber-insurance in the Norwegian maritime sector, with a particular emphasis on the effects of the General Data Protection Regulation and the Directive on Security of Network and Information Systems. Norway constitutes a significant case as a country having a highly mature IT infrastructure and well-developed maritime industry. Interviews were conducted with supplier- and demand-side maritime actors. Findings point to a widespread lack of knowledge about cyber-insurance. Furthermore, neither GDPR nor NIS were found to be significant drivers of cyber-insurance uptake among maritime organisations.
Original language | English (US) |
---|---|
Pages (from-to) | 267-286 |
Number of pages | 20 |
Journal | International Journal of Critical Infrastructures |
Volume | 18 |
Issue number | 3 |
DOIs | |
State | Published - 2022 |
Externally published | Yes |
Keywords
- cyber-insurance
- information sharing
- policy
- regulation
- risk
- security
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- General Environmental Science
- General Energy