Singapore Institute of Technology

File(s) stored somewhere else

Please note: Linked content is NOT stored on Singapore Institute of Technology and we can't guarantee its availability, quality, security or accept any liability.

Cyber Insurance and Post-Breach Services: A Normative Analysis

journal contribution
posted on 2024-06-27, 01:14 authored by Wendy Wan Yee HuiWendy Wan Yee Hui, Hui, Kai Lung, Wei Thoo YUE
Cyber insurance is becoming an essential tool for managing cybersecurity risks. In this study, we analyze how having the option to subscribe to cyber insurance services affects firms’ risk prevention and mitigation decisions. We model the scenario where the firm purchases cyber insurance in a competitive insurance market and compare it against the case when it does not purchase cyber insurance. When there is a breach, cyber insurance can help cover mitigation expenses and breach losses. Consistent with the prior literature, we find that in most cases cyber insurance exacerbates ex ante moral hazard by decreasing expected risk prevention. However, it enhances ex post efforts by increasing expected risk mitigation, which can lead to more positive outcomes for the insured firm. The mechanism involves designing the contract with a delicate calibration of the coverage of breach losses and the coinsurance rate. Moreover, the findings highlight the importance of a healthy risk mitigation service market in managing cybersecurity risks. Funding: This research was supported in part by the Hong Kong SAR General Research Fund project [16502417]. Supplemental Material: The e-companion is available at .


Journal/Conference/Book title

Service Science

Publication date


Usage metrics


    No categories selected


    Ref. manager