Abstract
Purpose: This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience. Design/methodology/approach: The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries. Findings: The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets. Practical implications: Some policy lessons for different stakeholders are identified. Originality/value: Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.
Original language | English (US) |
---|---|
Pages (from-to) | 54-67 |
Number of pages | 14 |
Journal | Information and Computer Security |
Volume | 28 |
Issue number | 1 |
DOIs | |
State | Published - Apr 3 2020 |
Externally published | Yes |
Keywords
- Cyber-insurance
- GDPR
- Insurance adoption
- Insurance coverage
- NIS directive
- Norway
ASJC Scopus subject areas
- Management Information Systems
- Software
- Information Systems
- Computer Networks and Communications
- Information Systems and Management
- Management of Technology and Innovation