Maritime cyber-insurance: The Norwegian case
2022 (English)In: International Journal of Critical Infrastructures, ISSN 1475-3219, E-ISSN 1741-8038, Vol. 18, no 3, p. 267-286Article in journal (Refereed) Published
Abstract [en]
Major cyber incidents such as the Maersk case have demonstrated that the lack of cyber security can induce huge operational losses in the maritime sector. Cyber-insurance is an instrument of risk transfer, enabling organisations to insure themselves against financial losses caused by cyber incidents and get access to incident management services. This paper provides an empirical study of the use of cyber-insurance in the Norwegian maritime sector, with a particular emphasis on the effects of the General Data Protection Regulation and the Directive on Security of Network and Information Systems. Norway constitutes a significant case as a country having a highly mature IT infrastructure and well-developed maritime industry. Interviews were conducted with supplier- and demand-side maritime actors. Findings point to a widespread lack of knowledge about cyber-insurance. Furthermore, neither GDPR nor NIS were found to be significant drivers of cyber-insurance uptake among maritime organisations.
Place, publisher, year, edition, pages
Inderscience Publishers , 2022. Vol. 18, no 3, p. 267-286
Keywords [en]
cyber-insurance, information sharing, policy, regulation, risk, security, Cybersecurity, Losses, Network security, Cybe-insurance, Cyber security, Financial loss, Incident Management, Maritime sector, Operational loss, Risk transfer, Insurance
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ri:diva-61230DOI: 10.1504/ijcis.2022.125816Scopus ID: 2-s2.0-85140977068OAI: oai:DiVA.org:ri-61230DiVA, id: diva2:1715255
Note
Funding details: Myndigheten för Samhällsskydd och Beredskap, MSB, 2015-6986; Funding text 1: U. Franke was supported by the Swedish Civil Contingencies Agency, MSB, Agreement No. 2015-6986.
2022-12-012022-12-012023-06-08Bibliographically approved