The Government Behind Insurance Governance: Lessons for Ransomware
Regulation and Governance, 2022
21 Pages Posted: 11 Nov 2022 Last revised: 12 Sep 2023
Date Written: October 24, 2022
Abstract
The insurance as governance literature focuses on the ability of private enterprises to collectively regulate, pool, and distribute risks. This paper analyzes how governments support insurance markets to maintain insurability and limit risks to society. We propose a new conceptual framework grouping government interventions into three dimensions: regulation of risky activity, public investment in risk reduction, and co-insurance. We apply this framework to six case studies, describing insurance markets’ reliance on public support in more analytically precise terms. We analyze how mature insurance markets overcame insurability challenges akin to those currently presented by extortive cybercrime. Private governance struggled when markets grew too big for informal coordination or when (tail) risks escalated. Government interventions vary widely. Some governments prioritize supporting economic activity while others concentrate on containing risks. Governments also choose between risk reduction and ex post socialization of losses. We apply these insights to the market for ransomware insurance, discussing the merits and potential hazards of current proposals for government intervention.
Keywords: Insurance markets, risk assessment & management, cybercrime, cyberattack, ransomware, governance, public policy, government regulation, liability, standard setting, data sharing
JEL Classification: G22, G28, K24
Suggested Citation: Suggested Citation