Data Breach, Privacy, and Cyber Insurance

Law & Social Inquiry, 2017, Forthcoming

UC Irvine School of Law Research Paper No. 2017-23

26 Pages Posted: 1 Jun 2017

See all articles by Shauhin A. Talesh

Shauhin A. Talesh

University of California, Irvine School of Law

Date Written: May 25, 2017


While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars’ research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.

Suggested Citation

Talesh, Shauhin A., Data Breach, Privacy, and Cyber Insurance (May 25, 2017). Law & Social Inquiry, 2017, Forthcoming, UC Irvine School of Law Research Paper No. 2017-23, Available at SSRN:

Shauhin A. Talesh (Contact Author)

University of California, Irvine School of Law ( email )

401 E. Peltason Drive, Ste. 4800L
Irvine, CA 92697
United States
818-439-2719 (Phone)

Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics