Abstract
Cyber insurance is mostly understood as a financial product that enables cyber risk mitigation and helps minimize losses from cyberattacks—particularly as reliance on digital operations continues to grow. Current research shows that cyber insurance can enhance a company’s overall cyber-risk management and improve organizational cybersecurity across three phases: pre-purchase, post-purchase, and post-cyberattack (Strzelczyk and Puławska, 2025). Surprisingly, cyber insurance remains an underappreciated product among executives. One key factor supporting the growth of the cyber insurance market in Europe is the rise of new regulations. Cybersecurity has recently become the focus of more regulatory initiatives, with the NIS2 Directive and the Digital Operational Resilience Act (DORA) being the most significant. The NIS2 Directive aims to raise the overall level of cybersecurity in the European Union. While it does not explicitly address cyber insurance, it requires key service operators to implement appropriate technical and organizational measures to manage risks. Adequate cyber insurance may be necessary to meet these obligations. DORA, meanwhile, introduces the principle of full board responsibility for digital operational security—another regulatory demand that could be supported through suitable cyber insurance policies. Despite this regulatory push for improved cybersecurity, executives still seem hesitant to adopt cyber insurance solutions. Given this situation, the aim of this study is to understand the reasons behind the limited development of the cyber insurance market. We also seek to examine the perceptions of experts from both the insurance industry and the cybersecurity sector regarding whether the cyber insurance products offered by insurers and intermediaries have kept pace with the dynamic changes in cybersecurity.
To achieve this, we plan to conduct semi-structured interviews with key stakeholders in insurance company management and cybersecurity specialists in Poland. Our preliminary studies indicate that insurance brokers observe high client interest in cyber insurance. However, many incidents fail to trigger payouts due to insufficient or invalid policies, pointing to a critical gap in coverage and product adequacy. The findings suggest strong market potential, but also highlight major barriers: limited customer awareness of cyber risks, a shortage of cyber risk professionals, restricted access to appropriate technology, and a lack of standardized practices and data collection. These challenges reduce the effectiveness of existing products and hinder market growth.
Acknowledgement
This work was supported by the research financed by the National Science Centre, Poland (grant number: UMO-2022/45/B/HS4/00965).
References
Strzelczyk, W. & Puławska, K. (2025). Unraveling the Role of Cyber Insurance in Fortifying Organizational Cybersecurity. MIS Quarterly Executive, 24(1), Article 5. https://aisel.aisnet.org/misqe/vol24/iss1/5
DORA. (2020). Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014.
NIS2. (2022). Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148.
Recommended Citation
Strzelczyk, Wojciech and Puławska, Ph.D. Karolina, "Cyber insurance - an underappreciated product" (2025). AMCIS 2025 TREOs. 197.
https://aisel.aisnet.org/treos_amcis2025/197
Comments
tpp1433