The invisible hole of cybersecurity insurance services

Abstract

This study examines the cybersecurity insurance market in the United States (U.S.) in order to reveal if an “invisible hole” of services and information exists in this market. This is performed by mapping the cybersecurity insurance services, offered by insurance companies, to cope with cybersecurity risks, and finding in which way these services are exposed, visible and comprehensive, in the insurance companies' websites. The research questions examined the extent cybersecurity insurance services offered by the main U.S. insurance companies; the visibility of such services on their websites; and the types of services offered. The sample included 44 insurance companies based upon nine lists of the top U.S. insurance companies. The findings present that most companies (68%) offer cybersecurity insurance services, while only a few (26.92%) expose such information in a visible way. Moreover, on the one hand, the insurance companies use general terms for services, which may be blur and ambiguous, while on the other hand, there is a widespread of specific services, most of them (81%) provided only by few companies. These findings may derive due to insufficient understanding of cybersecurity insurance clients' needs and may reflect the lack of maturity of the cybersecurity insurance market, as matured marketplaces are mostly more standardized. This study demonstrates that there is a long way to advance until the insurance market for cybersecurity risks will be mature, customers (businesses and organizations) will understand the needs for such insurance, and insurance companies will develop and offer relevant insurance services.