Anticipating personal cyber insurance disputes: evidence from an online survey in the US and UK
摘要
Personal cyber insurance has emerged in recent years to cover various digital risks associated with online fraud, security incidents, privacy violations, and even cyberbullying. This improves risk management options for individuals who understand the underlying risks and insurance coverage. However, misinformed buyers risk having claims denied, sometimes taking riskier decisions under the false belief that insurance covers the consequences. Cyber insurance is especially likely to create misunderstandings because both the insurance product and underlying risks are new to the customer. This paper explores the potential for future disputes by examining the gap between public understanding of cyber perils and the definitions found in insurance policies. We use a survey instrument to collect 3234 definitions of the major perils under personal cyber insurance. Participants defined each harm in their own words, which were qualitatively coded. The codebook captured structural elements, victim-adversary relationships, actions, motivations, technical specifics, and impacts on victims. We then mapped participant definitions to policy language to identify areas where public perceptions diverge from the coverage offered by cyber insurance policies. Our results show that participants correctly identify actions associated with cyber harms to varying degrees, and that education level and income have little effect on how correctly harms are defined. Our research has important public-policy implications that reiterate the need for clearer and more accessible insurance policy language.