Five Approaches to Insuring Cyber Risks

42 Pages Posted: 31 Mar 2021 Last revised: 6 Jan 2022

See all articles by Christopher C. French

Christopher C. French

The Pennsylvania State University (University Park) – Penn State Law

Date Written: March 24, 2021


Cyber risks are some of the most dangerous risks of the twenty-first century. Many types of businesses, including retail stores, healthcare entities, and financial institutions, as well as government entities, are the targets of cyber attacks. The simple reality is that no computer security system is completely safe. They all can be breached if the hackers are skilled enough and determined. Consequently, the worldwide damages caused by cyber attacks are predicted to reach $10.5 trillion by 2025. Insuring such risks is a monumental task.

The cyber insurance market currently is fragmented with hundreds of insurers selling their own cyber risk insurance policies that cover different types of cyber risks. This means the purchasers of cyber insurance must be experts in both insurance and cyber security in order to make a knowledgeable purchase. And, even knowledgeable purchasers of cyber insurance can only obtain limited coverage for cyber risks. This is because the insurance is sold on a named peril, as opposed to all-risk, basis and the policies contain numerous exclusions. Cyber policies also have relatively low policy limits in comparison to other lines of insurance and the enormity of the risks presented.

This Article explores ways the cyber insurance market could be improved. In doing so, it analyzes the current cyber insurance market, including the history of cyber insurance and the challenges that insuring cyber risks present. The Article then offers five different approaches to insuring cyber risks moving forward that address many of the problems with the current cyber insurance market. Ultimately, the Article concludes the fifth approach, the novel “All-Risk Private-Public” approach, would be the best one.

Keywords: cyber, insurance, correlated risks, liability, all-risk, hack, cyber attack, data breach, electronic data, moral hazard

JEL Classification: K12, K13, K23, M15

Suggested Citation

French, Christopher C., Five Approaches to Insuring Cyber Risks (March 24, 2021). 81 Md. L. Rev. 103 (2021), Penn State Law Research Paper No. 13-2021, Available at SSRN: or

Christopher C. French (Contact Author)

The Pennsylvania State University (University Park) – Penn State Law ( email )

Lewis Katz Building
University Park, PA 16802
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics