واکاوی مفهوم ریسک سایبری و روش‌های پوشش امنیت آن

حمزه, اسماء; میره, سمیه; کلهر, زهرا; فتحی نوران, هانیه

واکاوی مفهوم ریسک سایبری و روش‌های پوشش امنیت آن

نوع مقاله : مقاله پژوهشی

نویسندگان

¹ استادیار، پژوهشکده بیمه، تهران، ایران

² دکتری، پژوهشکده بیمه، تهران، ایران

³ کارشناسی ارشد،دانشگاه تهران، تهران، ایران

چکیده

با توجه به سرعت دیجیتالی شدن بسیاری از امور زندگی، افزایش حملات سایبری خارج از انتظار نیست. برخی از ریسک‌های سایبری امروزی با ویژگی‌های معمولی بیمه‌پذیر بودن مطابقت ندارند و نمی‌توان آنها را بیمه نمود. بیمهپذیری محدود با وجود تقاضای روبه رشد بیمه سایبری، چالش‌هایی را برای رشد بازار در بلندمدت ایجاد می‌کند. در ایران بیمه سایبری، به دلیل عدم شناخت و آگاهی لازم، چندان مورد توجه قرار نگرفته است.

در این مقاله یک تعریف استاندارد برای ریسک سایبری براساس تعاریف موجود ارائه شد. دسته‌بندی انواع ریسک‌ها براساس سناریوی حمله انجام شد. همچنین انواع حادثه و حوزه‌های پوشش بیمه آن مورد بررسی قرار گرفت. در بخشی از مقاله معیارهای بیمه‌پذیری ریسک سایبری و تغییرات برای بهبود بیمه‌پذیری ارائه گردید و همچنین انواع پوشش بیمه سایبری و پیامدهای ریسک سایبری در صنعت بیمه مورد بررسی قرار گرفت تا بتواند برای طراحی بیمه‌نامه‌های سایبری در کشور کمک‌کننده باشد.

کلیدواژه‌ها

20.1001.1.23224347.1404.13.1.3.8

موضوعات

مباحث دکترین، راهبردها و آینده پژوهی حوزه های مرتبط

عنوان مقاله [English]

Analyzing the concept of cyber risk and its security coverage methods

نویسندگان [English]

Asma Hamzeh ¹
Somayeh Mireh ²
Zahra Kalhor ³
Hanie Fathi Nooran ³

¹ Assistant Professor, Insurance Research Institute, Tehran, Iran

² PhD, Insurance Research Institute, Tehran, Iran

³ Master's degree, University of Tehran, Tehran, Iran

چکیده [English]

Considering the rapid digitization of many aspects of life, the increase in cyber attacks is not unexpected. Some of today's cyber risks do not meet the usual insurable characteristics and cannot be insured. Limited insurability despite growing demand for cyber insurance poses challenges for long-term market growth. In Iran, cyber insurance has not received much attention due to the lack of knowledge and awareness.

In this paper, a formal definition for cyber risk was presented. The types of risks were classified based on the attack scenario. Also, the types of accidents and their insurance coverage areas were examined. In a part of the paper, cyber risk insurability criteria and changes to improve insurability were presented, and also the types of cyber insurance coverage and the consequences of cyber risk in the insurance industry were examined in order to help design cyber insurance policies in the country.

کلیدواژه‌ها [English]

Cyber risk
Insurance coverage
Information exchange space

مراجع

[1] Heydari, S., Barzegar, M., & Mohammad Davoudi, A., (2023). “Identifying the factors affecting cyber security culture and awareness using thematic analysis”, Electronic and Cyber Defense, vol. 11(1), pp. 67-80. (In Persian).https://dor.isc.ac/dor/20.1001.1.23224347.1402.11.1.6.7

[2] Shoushian, K., Rashidi, A. J., & Dehghani, M. (2020). “Modeling of cyber-attacks obfuscation, based on alteration technique of attack”, Electronic and Cyber Defense, vol. 8(1), pp. 67-77. (In Persian).https://dor.isc.ac/dor/20.1001.1.23224347.1399.8.1.6.6

[3] Dadashtabar Ahmadi, K., & mahmoudbabouei, M. (2022). “The Presentation of an Active Cyber Defense Model for Application in Cyber Deception Technology”, Electronic and Cyber Defense, vol. 9(4), pp. 125-140. (In Persian).https://dor.isc.ac/dor/20.1001.1.23224347.1400.9.4.10.3

[4] Deibert, R. J., & Rohozinski, R. (2010). “Risking security: Policies and paradoxes of cyberspace security”, International Political Sociology, vol. 4(1), pp. 15-32.

[5] Mohammadzadeh, Azadeh, (2019). “The growing market of cyber insurance”, Iran and world insurance news monthly. pp. 11-17. (In Persian).

[6] Ale, B., Burnap, P., & Slater, D. (2015). “On the origin of PCDS–(Probability consequence diagrams)”, Safety science, vol. 72, pp. 229-239.

[7] Aven, T. (2014). “What is safety science?”, Safety science, 67, pp. 15-20.

[8] Allianz Risk Barometer.2023. Allianz Global Corporate & Specialty.

[9] Ventures, C. (2022). “2022 Official Cybercrime Report”, Cybersecurity Ventures.

[10] Roodpashti Rahmanai, Fereydoun, Zandi, Anahita, (2021). “Security Risk Models for Cyber Insurance”, Insurance Research Center. (In Persian)

[11] Tadaion, Mehtab, Ahmadian, Yasmin, Jahangirzadeh, Elnaz, Maleki, Hamid, (2021). “Investigating the impact of the organization's information technology capabilities on the development of new products and services (case study: development of cyber insurance as a new product in Saman Insurance Company)”, 20 and the 8th Insurance and Development Conference, Tehran, https://civilica.com/doc/1390759 (In Persian)

[12] Sadeghi, Ali, Asghari Eskoui, Mohammad Reza, (2021). “Review of risk estimation models in cyber insurance”, 28th Insurance and Development Conference, Tehran, https://civilica.com/doc/1390872 (In Persian)

[13] Mukhopadhyay, A., Chatterjee, S., Saha, D., Mahanti, A., & Sadhukhan, S. K. (2013). “Cyber-risk decision models: To insure IT or not?”, Decision Support Systems, vol. 56, pp. 11-26.

[14] Biener, C., Eling, M., & Wirfs, J. H. (2015). “Insurability of cyber risk: An empirical analysis”, The Geneva Papers on Risk and Insurance-Issues and Practice, vol. 40(1), pp. 131-158.

[15] Bartolini, D. N., Benavente-Peces, C., & Ahrens, A. (2017). “Using risk assessments to assess insurability in the context of cyber insurance”, In International Conference on E-Business and Telecommunications Springer, Cham, pp. 337-345.

[16] Trang, M. N. (2017). “Compulsory corporate cyber-liability insurance: Outsourcing data privacy regulation to prevent and mitigate data breaches”, Minn. JL Sci. & Tech., no. 18, vol. 389.

[17] Nurse, J. R., Axon, L., Erola, A., Agrafiotis, I., Goldsmith, M., & Creese, S. (2020). “The data that drives cyber insurance: A study into the underwriting and claims processes”, In 2020 International conference on cyber situational awareness, data analytics and assessment (CyberSA). IEEE, pp. 1-8.

[18] Awiszus, K., Knispel, T., Penner, I., Svindland, G., Voß, A., & Weber, S. (2022). “Modeling and Pricing Cyber Insurance--A Survey”, arXiv preprint arXiv:2209.07415

[19] Elsan, M., (2016). “Cyber space insurance: basic concepts and operational plan”, Insurance Research Center (In Persian)

[20] Burke, D. (2020, April 2). “Coronavirus Impact on Cyber Insurance Coverage”, Woodruff Sawyer. https://woodruffsawyer.com/cyber-liability/coronavirus-impact-cyber-insurance/

[21] Pourshikhi, M., Karam Elahi, A. and Moghadisi, M., (2013). “Introduction of security threats in the virtual world”, The first specialized conference of electrical and computer engineering. (In Persian)

[22 Swiss Re Institute, (2022). “Cyber insurance: strengthening resilience for the digital transformation”.

[23] Moody Kiddell and partnered, (2022). “Cyber Insurance”, https://www.mkpgroup.com.au-/insurance/cyber-insurance.

[24] Roso, J., (2020), “The Importance of Cyber Insurance in a Working from Home Economy”, https://www.linkedin.com/pulse/importance-cyber-insurance-working-from-home-economy-jonathan-ross

[25] Eiopa, (2021). “Joint Committee Report on risks and vulnerabilities in the EU financial system”.

[26] Deloitte, (2022). “Global Cyber Executive Briefing: Insurance”, https://www2.deloitte.com-/tw/en/pages/risk/articles/insurance.html