{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,4]],"date-time":"2025-09-04T13:55:38Z","timestamp":1756994138662,"version":"3.40.3"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319455068"},{"type":"electronic","value":"9783319455075"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45507-5_12","type":"book-chapter","created":{"date-parts":[[2016,8,22]],"date-time":"2016-08-22T11:11:04Z","timestamp":1471864264000},"page":"175-190","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Differentiating Cyber Risk of Insurance Customers: The Insurance Company Perspective"],"prefix":"10.1007","author":[{"given":"Inger Anne","family":"T\u00f8ndel","sequence":"first","affiliation":[]},{"given":"Fredrik","family":"Seehusen","sequence":"additional","affiliation":[]},{"given":"Erlend Andreas","family":"Gj\u00e6re","sequence":"additional","affiliation":[]},{"given":"Marie Elisabeth Gaup","family":"Moe","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,8,23]]},"reference":[{"key":"12_CR1","unstructured":"IEC 60300-3-9 Dependability management Part 3: Application guide Section 9: Risk analysis of technological systems Event Tree Analysis (ETA)"},{"issue":"3","key":"12_CR2","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1177\/146879410100100307","volume":"1","author":"J Attride-Stirling","year":"2001","unstructured":"Attride-Stirling, J.: Thematic networks: an analytic tool for qualitative research. Qual. Res. 1(3), 385\u2013405 (2001)","journal-title":"Qual. Res."},{"issue":"3","key":"12_CR3","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MSP.2007.57","volume":"5","author":"WS Baer","year":"2007","unstructured":"Baer, W.S., Parkinson, A.: Cyberinsurance in IT security management. IEEE Secur. Priv. 5(3), 50\u201356 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"12_CR4","unstructured":"Bandyopadhyay, T., Shidore, S.: Towards a managerial decision framework for utilization of cyber insurance instruments in IT security. In: AMCIS 2011 Proceedings\u00a0- All Submissions (2011)"},{"issue":"11","key":"12_CR5","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1145\/1592761.1592780","volume":"52","author":"T Bandyopadhyay","year":"2009","unstructured":"Bandyopadhyay, T., Mookerjee, V.S., Rao, R.C.: Why IT managers don\u2019t go for cyber-insurance products. Commun. ACM 52(11), 68\u201373 (2009)","journal-title":"Commun. ACM"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Ben-Gal, I.: Bayesian networks. In: Encyclopedia of Statistics in Quality and Reliability (2007)","DOI":"10.1002\/9780470061572.eqr089"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Bernsmed, K., T\u00f8ndel, I.A.: Forewarned is forearmed: indicators for evaluating information security incident management. In: 2013 Seventh International Conference on IT Security Incident Management and IT Forensics (IMF), pp. 3\u201314. IEEE (2013)","DOI":"10.1109\/IMF.2013.14"},{"issue":"1","key":"12_CR8","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1057\/gpp.2014.19","volume":"40","author":"C Biener","year":"2015","unstructured":"Biener, C., Eling, M., Wirfs, J.H.: Insurability of cyber risk: an empirical analysis. Geneva Pap. Risk Insur. Issues Pract. 40(1), 131\u2013158 (2015)","journal-title":"Geneva Pap. Risk Insur. Issues Pract."},{"key":"12_CR9","unstructured":"B\u00f6hme, R., Schwartz, G.: Modeling cyber-insurance: towards a unifying framework. In: Workshop on the Economics in Information Security (WEIS) (2012)"},{"key":"12_CR10","unstructured":"Cashell, B., Jackson, W.D., Jickling, M., Webel, B.: The economic impact of cyber-attacks. Technical report, CRS Report for Congress, April 2004"},{"key":"12_CR11","unstructured":"Chickowski, E.: 10 things IT probably doesn\u2019t know about cyber insurance, 23 September 2014"},{"key":"12_CR12","unstructured":"Department of Homeland Security: Enhancing resilience through cyber incident data sharing and analysis: The value proposition for a cyber incident data repository. Technical report (2015)"},{"key":"12_CR13","unstructured":"ENISA: Incentives and barriers of the cyber insurance market in europe. Technical report, 28 June 2012"},{"key":"12_CR14","unstructured":"EY: Mitigating cyber risk for insurers, part 2: Insights into cyber security and risk. Technical report, Ernst Young Global Limited (2014)"},{"key":"12_CR15","first-page":"58","volume":"2","author":"S Fenz","year":"2010","unstructured":"Fenz, S., Ekelhart, A.: Verification, validation, and evaluation in information security risk management. IEEE Secur. Priv. 2, 58\u201365 (2010)","journal-title":"IEEE Secur. Priv."},{"issue":"3","key":"12_CR16","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1145\/636772.636774","volume":"46","author":"LA Gordon","year":"2003","unstructured":"Gordon, L.A., Loeb, M.P., Sohail, T.: A framework for using insurance for cyber-risk management. Commun. ACM 46(3), 81\u201385 (2003)","journal-title":"Commun. ACM"},{"key":"12_CR17","doi-asserted-by":"publisher","DOI":"10.1201\/9781420013283","volume-title":"Complete Guide to Security and Privacy Metrics","author":"DS Herrmann","year":"2007","unstructured":"Herrmann, D.S.: Complete Guide to Security and Privacy Metrics. Auerbach Publications, Boca Raton (2007)"},{"key":"12_CR18","unstructured":"HM Government UK, Marsh Ltd., UK cyber security: The role of insurance in managing and mitigating the risk. \n                      https:\/\/www.gov.uk\/government\/publications\/uk-cyber-security-the-role-of-insurance"},{"key":"12_CR19","unstructured":"International Electrotechnical Commission: IEC 61025 Fault Tree Analysis (1990)"},{"key":"12_CR20","unstructured":"International Organization for Standardization: ISO\/IEC 27004: Information technology - Security techniques - Information security management - Measurement. ISO (2009)"},{"key":"12_CR21","unstructured":"International Organization for Standardization: ISO\/IEC 27001: Information technology - Security techniques - Information security management systems - Requirements. ISO (2013)"},{"key":"12_CR22","unstructured":"Lloyd\u2019s, Cambridge Centre for Risk Studies: Business blackout - the insurance implications of a cyber attack on the us power grid. Technical report, Lloyd\u2019s (2015)"},{"key":"12_CR23","volume-title":"Model-Driven Risk Analysis: The CORAS Approach","author":"MS Lund","year":"2010","unstructured":"Lund, M.S., Solhaug, B., St\u00f8len, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer, Heidelberg (2010)"},{"key":"12_CR24","unstructured":"Marotta, A., Martinelli, F., Nanni, S., Yautsiukhin, A.: A survey on cyber-insurance. Technical report IIT TR-17\/2015, Ubstutyti du Ubfirnatuca e Telematica (2015)"},{"key":"12_CR25","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/MSP.2015.137","volume":"6","author":"PH Meland","year":"2015","unstructured":"Meland, P.H., T\u00f8ndel, I.A., Solhaug, B.: Mitigating risk with cyberinsurance. IEEE Secur. Priv. 6, 38\u201343 (2015)","journal-title":"IEEE Secur. Priv."},{"key":"12_CR26","unstructured":"Protection, N., Directorate, P.: Cybersecurity insurance workshop readout report. Technical report, U.S. Department of Homeland Security (2012)"},{"key":"12_CR27","unstructured":"Protection, National, Directorate, Programs: Cyber risk culture roundtable readout report. Technical report, Department of Homeland Security (2013)"},{"key":"12_CR28","unstructured":"Protection, National, Directorate, Programs: Cyber insurance roundtable readout report - health care and cyber risk management: Cost\/benefit approaches. Technical report, Department of Homeland Security (2014)"},{"key":"12_CR29","unstructured":"Protection, National, Directorate, Programs: Insurance industry working session readout report. Technical report, Department of Homeland Security (2014)"},{"key":"12_CR30","unstructured":"NetDilgence: Netdiligence cyber claims study 2014. Technical report, NetDilligence (2014)"},{"key":"12_CR31","unstructured":"Nielsen, D.S.: The cause\/consequence diagram method as a basis for quantitative accident analysis. Technical report, Danish Atomic Energy Commission, Risoe. Research Establishment (1971)"},{"key":"12_CR32","unstructured":"\u00d8ien, K., Massaiu, S., Tinmannsvik, R., Strseth, F.: Development of early warning indicators based on resilience engineering. In: International Probabilistic Safety Assessment and Management Conference, PSAM 2010, pp. 7\u201311 (2010)"},{"key":"12_CR33","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/MSP.2015.118","volume":"6","author":"R Oppliger","year":"2015","unstructured":"Oppliger, R.: Quantitative risk analysis in information security management: a modern fairy tale. IEEE Secur. Priv. 6, 18\u201321 (2015)","journal-title":"IEEE Secur. Priv."},{"key":"12_CR34","unstructured":"Pal, R., Hui, P.: On differentiating cyber-insurance contracts a topological perspective. In: 2013 IFIP\/IEEE International Symposium on Integrated Network Management (IM 2013), pp. 836\u2013839. IEEE (2013)"},{"key":"12_CR35","unstructured":"Perlroth, N., Harris, E.A.: Cyberattack insurance a challenge for business, 8 June 2014"},{"key":"12_CR36","unstructured":"Ponemon: Managing cyber security as a business risk: Cyber insurance in the digital age. Technical report, Ponemon Institute LLC, August 2013"},{"key":"12_CR37","unstructured":"Ponemon: 2014 cost of data breach study: Global analysis. Technical report, Ponemon Institute LLC, May 2014"},{"issue":"12","key":"12_CR38","first-page":"21","volume":"24","author":"B Schneier","year":"1999","unstructured":"Schneier, B.: Attack trees. Dr. Dobbs J. 24(12), 21\u201329 (1999)","journal-title":"Dr. Dobbs J."},{"key":"12_CR39","doi-asserted-by":"crossref","unstructured":"Sulaman, S.M., Weyns, K., H\u00f6st, M.: A review of research on risk analysis methods for IT systems. In: Proceedings of the 17th International Conference on Evaluation and Assessment in Software Engineering, pp. 86\u201396. ACM (2013)","DOI":"10.1145\/2460999.2461013"},{"key":"12_CR40","unstructured":"T\u00f8ndel, I.A., Meland, P.H., Omerovic, A., Gj\u00e6re, E.A., Solhaug, B.: Using cyber-insurance as a risk management strategy: Knowledge gaps and recommendations for further research. Technical report SINTEF A27298, SINTEF (2015)"},{"key":"12_CR41","unstructured":"Toregas, C., Zahn, N.: Insurance for cyber attacks: The issue of setting premiums in context. Technical report, The George Washington University, 7 January 2014"},{"key":"12_CR42","first-page":"21","volume-title":"Essential Characteristics of Resilience. Resilience Engineering: Concepts and Precepts","author":"DD Woods","year":"2006","unstructured":"Woods, D.D.: Essential Characteristics of Resilience. Resilience Engineering: Concepts and Precepts, pp. 21\u201334. Ashgate, Aldershot (2006)"}],"container-title":["Lecture Notes in Computer Science","Availability, Reliability, and Security in Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45507-5_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,8,22]],"date-time":"2020-08-22T00:18:21Z","timestamp":1598055501000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-45507-5_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319455068","9783319455075"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45507-5_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"23 August 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CD-ARES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Availability, Reliability, and Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Salzburg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 August 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 September 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ieeeares2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}