As many economic surveys (e.g., those of Bitterly, Ponemon, NetDigital) outline, cyber insurance is a fast-growing market. It provides an alternative solution for the treatment of residual cyber risks and smooths potential losses, which may be caused by especially harmful events (e.g., big data breaches). Therefore, much attention is now devoted to the topic in practice as well as in research.
Despite the growth of the cyber insurance market and the high attention paid to the topic, cyber insurance is immature and faces many problems. The most troublesome are the lack of available statistics, information asymmetries, risk correlation and interdependency of risk. Research combining knowledge of cyber security, cyber security economics and insurance is required to overcome these difficulties and foster the growing market even more.
A crucial part of insurance is correct and reliable risk assessment, which provides the insurer and the insured with information about expected losses. In the cyber world, this usual management practice faces a number of difficulties, to name a few: lack of available data, a rapidly changing threat landscape, quick evolution of technologies and agile systems, large intangible losses, etc.
Taking into account the above-mentioned facts, we see that research in risk assessment for cyber insurance is challenging and promising at the same time. It requires multidisciplinary knowledge in such topics as cyber security, security economics, threat management, insurance, risk assessment, etc. The chosen research topic is broad enough to study various possible problems, yet all of them can be easily combined into a solid framework, which we are going to build around the idea of a comprehensive and dynamic risk assessment approach.