Despite positive expectations, cyber-insurance products have failed to take center stage in the management of IT security risk. Market inexperience, leading to conservatism in pricing cyber-insurance instruments, is often cited as the primary reason for the limited growth of the cyber-insurance market. In contrast, here we provide a demand-side explanation for why cyber-insurance products have not lived up to their initial expectations. We highlight the presence of information asymmetry between customers and providers, showing how it leads to overpricing cyber-insurance contracts and helps explain why cyber insurance might have failed to deliver its promise as a cornerstone of IT security-management programs.
Communications of the ACM - Scratch Programming for All
Digital Object Identifier (DOI)
Bandyopadhyay, Tridib, Vijay S. Mookerjee, and Ram C. Bao. "Why IT managers don't go for cyber-insurance products." Communications of the ACM - Scratch Programming for All 52, no. 11 (2009): 68-73.