ABSTRACT

This chapter begins with the challenges that organisations face in dealing with cybersecurity and looks at the critical role of individuals' cybersecurity behaviour within an organisation in ensuring the cybersecurity of the organisation as a whole. It turns to models of human behaviour and decision-making drawn from psychology and behavioural economics, examining their key insights for cybersecurity and cyber insurance. The chapter considers the Theory of Planned Behaviour, Protection Motivation Theory, and others deriving from them, while from behavioural economics it also considers Dual-Thinking Theory and Prospect Theory. Cyber insurance policies are beginning to diversify but have tended to provide three basic types of coverage: liability coverage in the event of a data breach, a means to remedy the breach, and support to repair reputational damage. A significant factor behind poor cybersecurity within organisations is that individual employees behave in insecure ways, i.e. users' lack of “secure” behaviour may leave the company vulnerable to cyber attacks.