Conclusions

This chapter develops models that make use of Adversarial Risk Analysis and that enable dynamic cyber insurance pricing and provide a better understanding of accumulation risk. It explores how to leverage behavioural economics insights to nudge better cybersecurity behaviour. The cybersecurity challenge may be particularly acute for Small and Medium Enterprises (SME), yet the sparse research that has been done on organisational decision-making involving cybersecurity and cyber insurance has tended to ignore SMEs in favour of large companies. The chapter examines the risk generation decisions of threat actors, seeking to understand and make forecasts about their behaviour and likelihood of deciding to attack an organisation. It proposes a model to better understand accumulation risk, or the risk that a single event could spread to multiple lines of business. Policy measures to foster trust between companies and insurers are key for cyber insurance to be taken up on a large scale.