An Economical Impact? How Cyber Insurance Shapes Incident Response

According to the recent mixed methods study on how cyber insurance shapes incident response, insurers undoubtedly face incentives to concentrate work among the most efficient firms but may lack the information to do so given insurers do not monitor service quality and must rely on second-hand reports. The study goes on to note that the only thing insurers reliably monitor is cost, which may lead to the commoditization of incident response that rewards cost-cutting above quality.



Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.


Industry Research by Daniel W. Woods and Rainer Böhme

How Cyber Insurance Shapes Incident Response: A Mixed Methods Study

The coverage and cost of cyber insurance are increasingly at the forefront of incident response considerations given the proliferation of cyber attacks targeted at businesses, governments, and consumers. Shared with permission from author Daniel W. Woods, the following paper explores how cyber insurance shapes incident response and examines the economics associated with the transfer of cyber risk to insurers.


Cyber insurance policies commonly indemnify the cost of incident response services. This creates a multi-layered economic problem in that the policyholder hiring external firms incurs transaction costs and the insurer paying the bill creates a principal-agent problem. We adopted a multistage research design to understand how insurers address the problem. First, we iteratively derived 12 stylized facts from 29 expert interviews and a sample of 480 partnerships with incident response firms made by 24 insurers. Second, we validated these facts via a workshop attended by 61 unique participants. The results show insurers have created a private ordering by controlling which firms are selected, negotiating prices ahead of time, and punishing low service quality by withholding future work. A minority of firms win the majority of work, thereby building trust through repeated interactions. We discuss how the findings relate to the economics of incident response, cyber insurance as governance, and ransomware.


Cyber insurance allows firms to transfer cyber risk to an insurer. This creates a situation—known as a principal-agent problem—in which the agent (the policyholder) can make decisions that negatively impact the principal (the insurer). Early research predicted that insurers would address the problem by offering incentives for ex-ante security investments that reduce the likelihood of a claim. So far, this has been undermined by an oversupply of insurance and a lack of knowledge about which investments effectively reduce risk. In actuality, the most significant intervention sees insurers indemnify the cost of incident response (IR) services. Doing so opens up a Pandora’s box of economic problems. Why do insurers pay for external services and not offer subsidies for internal response? How do insurers ensure the policyholder selects an effective firm and negotiates a reasonable contract? Who is responsible for monitoring service quality?

These questions are naturally framed within transaction costs economics. Ronald Coase’s theory of the firm speaks to when services are contracted on the market and when they are organized within the firm. Coase argues that firms emerge to avoid transaction costs associated with finding, negotiating, and monitoring service contracts tendered on the market. Coase’s theory suggests firms will hire external services if the associated transaction costs can be managed. Applying the same logic to cyber insurance requires care because the agent who transacts the service has different incentives to the principal who pays the bill. This paper aims to build a concise and correct description of how cyber insurance solves the principal-agent problem.

Complete Paper: How Cyber Insurance Shapes Incident Response: A Mixed Methods Study (PDF)


Read the original paper.

Reference: Woods, Daniel, and Rainer Böhme. 2021. How Cyber Insurance Shapes Incident Response: A Mixed Methods Study


Source: ComplexDiscovery
