On the efficacy of modern cyber (re)insurance: an analysis of policy coverage, capacity constraints, cyber warfare, and data availability

Cyber risks pose a serious threat due to the rapid digitalization of our world. Cyber insurance is emerging as a crucial risk transfer mechanism within comprehensive cyber risk management strategies. Their unpredictable nature and the scarcity of data on cyber risks present numerous challenges to the insurance industry situation echoed in the academic literature that highlights a significant research gap that could assist insurers in overcoming these obstacles. This thesis makes a significant contribution to bridging this gap by analyzing the effectiveness of cyber insurance in the (re)insurance markets, with a specific focus on data availability, policy clarity, and risk transfer strategies. Employing mixed methods, the research develops a detailed understanding of the current landscape, challenges, and practical solutions in the field of cyber insurance. This methodology encompasses a systematic review, inductive qualitative content analysis of cyber insurance policies, and 69 semi-structured interviews with insurance industry representatives. The research identifies a notable gap in open databases, undermining collective efforts to better manage cyber risks. It highlights the absence of standardized cyber policies, with insurers using varying terms and definitions, leading to significant confusion regarding coverages and exclusions. Moreover, it is noted that cyber insurers diversify their aggregate and cyber risk accumulation across various factors, including geography, technology, and sectors. The thesis proposes cyber risk management strategies and approaches to support the development of a sustainable and robust cyber insurance market. The results aim to offer valuable insights to cyber insurers, customers, policymakers, and stakeholders in the fields of security, risk management, and regulation. This is with the goal of enhancing the resilience of companies and institutions to cyber risks, ultimately leading to a holistic improvement in their ability to withstand such threats.