Abstract
This manuscript systematically reviews several strands of literature on cybersecurity and draws attention to the possible moral hazard problem associated with managers’ choices on information security-related investments. First, a careful synthesis of the literature shows that managers have incentives to behave myopically and to defer investments in data security to meet the financial market’s earnings expectations. Second, although adequate cyber risk management involves both risk mitigation and risk transfer, risk transfer through the purchase of cyber insurance is problematic. Despite the increase of insurers and written premiums suggesting growth in the cyber insurance industry, the most recent industry reports point out the increase in loss ratios, the decrease in available cyber insurance limits, and the implementation of more restrictive coverage as a sign of insurers controlling their risk exposure. Finally, existing regulatory frameworks in the U.S. and the European Union (EU) do not negate the trend of increasing numbers of cyberattacks. In conclusion, we argue that an optimal level of regulation is needed but has yet to be enacted to reduce the cyber risk exposure of businesses and insurers, as well as to protect consumers and the overall economy.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
