Open Access. Powered by Scholars. Published by Universities.®
- Institution
Articles 1 - 5 of 5
Full-Text Articles in Law
Insurance And Enterprise: Cyber Insurance For Ransomware, Tom Baker, Anja Shortland
Insurance And Enterprise: Cyber Insurance For Ransomware, Tom Baker, Anja Shortland
All Faculty Scholarship
Selling insurance gives insurers an incentive to manage insured risks. The “insurance as governance” literature demonstrates that insurers often make insurance conditional on ex ante risk reduction or mitigation. But insurance governs in support of enterprise, not security for its own sake. Tight underwriting inhibits enterprise – not only for insured businesses but also the business of insurance. This paper highlights ex post loss reduction as a form of insurance-based governance. Drawing on interviews with industry insiders, we explore how insurers addressed the evolving problems of moral hazard, uncertainty, and correlated losses since the 1990s. We find that cyber insurance …
The Law And Politics Of Ransomware, Asaf Lubin
The Law And Politics Of Ransomware, Asaf Lubin
Articles by Maurer Faculty
What do Lady Gaga, the Royal Zoological Society of Scotland, the city of Valdez in Alaska, and the court system of the Brazilian state of Rio Grande do Sul all have in common? They have all been victims of ransomware attacks, which are growing both in number and severity. In 2016, hackers perpetrated roughly four thousand ransomware attacks a day worldwide, a figure which was already alarming. By 2020, however, ransomware attacks reached a staggering number, between 20,000 and 30,000 per day in the United States alone. That is a ransomware attack every eleven seconds, each of which cost victims …
The Case For Banning (And Mandating) Ransomware Insurance, Kyle D. Logue, Adam B. Shniderman
The Case For Banning (And Mandating) Ransomware Insurance, Kyle D. Logue, Adam B. Shniderman
Law & Economics Working Papers
Ransomware attacks are becoming increasingly pervasive and disruptive. Not only are they shutting down (or at least “holding up”) businesses and local governments all around the country, they are disrupting institutions in many sectors of the U.S. economy — from school systems, to medical facilities, to critical elements of the U.S. energy infrastructure as well as the food supply chain. Ransomware attacks are also growing more frequent and the ransom demands more exorbitant. Those ransom payments are increasingly being covered by insurance. That insurance offers coverage for a variety of cyber-related losses, including many of the costs arising out of …
Public Policy And The Insurability Of Cyber Risk, Asaf Lubin
Public Policy And The Insurability Of Cyber Risk, Asaf Lubin
Articles by Maurer Faculty
In June 2017, the food and beverage conglomerate Mondelez International became a victim of the NotPetya ransomware attack. Around 1,700 of its servers and 24,000 of the company’s laptops were suddenly and permanently unusable. Commercial supply and distribution disruptions, theft of credentials from many users, and unfulfilled customer orders soon followed, leading to losses that totaled more than $100 million. Unfortunately, Zurich, which had sold the company a property insurance policy that included a variety of coverages, informed Mondelez in 2018 that cyber coverage would be denied under the policy based on the “war exclusion clause.” This case, now pending, …
Insuring Against Cyber Risk: The Evolution Of An Industry (Introduction), Christopher French
Insuring Against Cyber Risk: The Evolution Of An Industry (Introduction), Christopher French
Journal Articles
Cyber risks are the newest risks of the 21st century. The breadth and cost of cyber attacks are astonishing. Worldwide damages caused by cyber attack are predicted to reach $6 trillion by 2021. Between 2015 and 2017, ransomware damages alone increased from $325 million to approximately $5 billion. In 2017, WannaCry ransomware shut down over 300,000 computer systems across 150 countries.
On April 13, 2018, the Penn State Law Review held a symposium to discuss the evolution of cyber risks and cyber insurance. The symposium was comprised of an eclectic group of legal practitioners and scholars who presented four articles. …