Strengthening Cybersecurity with Cyber Insurance Markets and Better Risk Assessment

86 Pages Posted: 1 Mar 2017 Last revised: 19 Dec 2017


Jay P. Kesan

University of Illinois College of Law

Carol Mullins Hayes


Date Written: October 10, 2017


Cybersecurity is an increasingly important element of infrastructure and commerce. Courts are starting to shape the doctrine of third-party liability for cyberattacks and data breaches. For businesses that rely on computers and the Internet, these developments affect their bottom line. There is a lot of interest in managing these emerging cyber risks and associated cyber losses, and many companies are looking to insurance policies for coverage.

Unfortunately, commercial general liability policies are becoming narrower as insurers increasingly remove electronic data from the scope of coverage. Cyber insurance is becoming increasingly available, but the market for these policies is plagued by informational asymmetries, data scarcity, and high potential for moral hazard problems.

In this article, we examine insurance as a risk management tool in the cybersecurity context, with special emphasis on the emerging market for cyber insurance and how to overcome the dangers to this market’s effectiveness and growth through better risk assessment. In order to understand the legal risk in policy coverage, we present an empirical study and findings regarding litigation concerning insurance coverage for cyber harms involving intangible property, digital data, and cybersecurity. Our work emphasizes the need for developing cyber-specific insurance products, instead of relying on commercial general liability (CGL) policies to cover cyber losses. We urge that collaboration between the government and private sector will be necessary to better estimate the technological risk in this cyber environment for insurance purposes. We also analogize the cyber insurance market to the Workers’ Compensation system and the National Flood Insurance Program (NFIP) and analyze the lessons that can be drawn from them.

Suggested Citation

Kesan, Jay P. and Hayes, Carol Mullins, Strengthening Cybersecurity with Cyber Insurance Markets and Better Risk Assessment (October 10, 2017). 102 Minn. L. Rev. 191 (2017), University of Illinois College of Law Legal Studies Research Paper No. 17-18, Available at SSRN: or

Jay P. Kesan (Contact Author)

University of Illinois College of Law

504 E. Pennsylvania Avenue
Champaign, IL 61820
United States
217-333-7887 (Phone)
217-244-1478 (Fax)


Carol Mullins Hayes

Independent
