Cyber Liability and Cyber Insurance

At the RISCS Community Meeting of October 2018, we discussed ‘Economics and Incentives’ in cyber security. To follow on from that event we chose to explore interlocking themes: ‘Cyber liability’ and ‘Cyber insurance’.  Our aim was to combine the outputs of these two events to explore the research questions that remain unanswered.

Cyber insurance is not new, and we have arguably not yet seen the kind of behaviour change that other types of insurance have initiated. Understanding why that is, how the insurance sector could optimally evolve and what it needs to do to become a change agent in cyber security, was at the heart of this meeting’s agenda.  Chains of legal and financial liability are subject to increasing attention and discussion.  Chains of risk ownership remain even less clear for cyber and are often hampered by a gulf of understanding between technical experts and business leaders.  What is the current state of play and does cyber insurance offer an opportunity to align complex layers of nested liability with financial and legal chains of accountability?

Workshop Report

“Cyber Liability and Cyber Insurance: Analysis of the Chains of Liability Workshops”


Meet the speakers...

Thomas Clayton, Zurich Insurance Plc
Thomas Clayton

Thomas Clayton

Thomas Clayton is responsible for the underwriting of major global customers in the London Market and has played a key role in the development of Zurich’s Cyber proposition including its value added services and policy wording. As a Subject Matter Expert within Zurich, Thomas provides Cyber underwriting expertise and support to other European countries. Thomas has contributed towards various media articles and podcasts and is a regular public speaker on Cyber Insurance within and outside the market.

Title:  What is cyber liability? What forms does it take?

Prof Awais Rashid

Awais Rashid

Awais Rashid is Professor of Cyber Security at the University of Bristol, UK. He leads multiple programmes of research on cyber security of large-scale infrastructures. He also leads the National Cyber Security Programme project on developing a Cyber Security Body of Knowledge (CyBOK). He is a member of the EPSRC Digital Economy Programme Advisory Board and a Fellow of the Alan Turing Institute.

Title: Software warranties and cyber security 

Daniel Wood

Daniel Wood

Daniel is a doctoral student in the Computer Science at the University of Oxford. He joined via the Centre for Doctoral Training in cyber security, which teaches a multi-disciplinary approach to research. He received an MSci in mathematics from the University of Bristol and his current research focuses on the economics of information security.  The talk is based on research conducted at the University of Tulsa with Professor Tyler Moore. His visit was made possible by a Fulbright Cyber Security Award.

Title: What can we learn about cyber insurance from regulatory filings in the USA?

Stephen Ridley

Stephen Ridley

Stephen is the Lead Underwriter for cyber and data risks at Hiscox UK. With more than 9 years of experience specialising in cyber and data risks insurance, he is widely regarded as a thought leader in the field, and sits on the Cyber Committee for the Association of British Insurers. He regularly speaks at industry events and is frequently featured in both trade and national press. Outside of work, Stephen is a keen triathlete, and represented Great Britain at the European Championships in June 2017.

Title: Cyber insurance for small and medium-sized enterprises