{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T19:18:12Z","timestamp":1773947892219,"version":"3.50.1"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2017,3,18]],"date-time":"2017-03-18T00:00:00Z","timestamp":1489795200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2019,4]]},"DOI":"10.1007\/s10796-017-9737-3","type":"journal-article","created":{"date-parts":[[2017,3,18]],"date-time":"2017-03-18T14:08:52Z","timestamp":1489846132000},"page":"301-325","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["A model to analyze the challenge of using cyber insurance"],"prefix":"10.1007","volume":"21","author":[{"given":"Trid","family":"Bandyopadhyay","sequence":"first","affiliation":[]},{"given":"Vijay","family":"Mookerjee","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,3,18]]},"reference":[{"key":"9737_CR1","unstructured":"2008 Annual Study: Cost of a Date Breach - Understanding Financial Impact, Customer Turnover and Preventive Solutions. Ponemon Institute, LLC."},{"key":"9737_CR2","volume-title":"The economics of information security: A survey and open questions. Proceedings of the Fourth bi-annual Conference on the Economics of the Software and Internet Industries","author":"R Anderson","year":"2007","unstructured":"Anderson, R., & Moore, T. (2007). The economics of information security: A survey and open questions. Proceedings of the Fourth bi-annual Conference on the Economics of the Software and Internet Industries. France: Toulouse."},{"key":"9737_CR3","volume-title":"Essays in the theory of risk bearing","author":"KJ Arrow","year":"1971","unstructured":"Arrow, K. J. (1971). Essays in the theory of risk bearing. Chicago, IL: Markham Publishing Co."},{"key":"9737_CR4","unstructured":"Baer, W. S. (2004). Private sector incentives for managing security. In E. O. Goldman (Ed.), National Security in the information age. Routledge."},{"issue":"3","key":"9737_CR5","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MSP.2007.57","volume":"5","author":"WS Baer","year":"2007","unstructured":"Baer, W. S., & Parkinson, A. (2007). Cyber insurance in IT security management. IEEE Security and Privacy, 5(3), 50\u201356.","journal-title":"IEEE Security and Privacy"},{"issue":"11","key":"9737_CR6","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1145\/1592761.1592780","volume":"52","author":"T Bandyopadhyay","year":"2009","unstructured":"Bandyopadhyay, T., Mookerjee, V. S., & Rao, R. C. (2009). Why IT managers don't go for cyber-insurance products. Communications of the ACM, 52(11), 68\u201373.","journal-title":"Communications of the ACM"},{"key":"9737_CR7","unstructured":"Berinato, S. 2008. Data Breach Notification Laws, State By State. Available at \n http:\/\/www.csoonline.com\/article\/2122493\/compliance\/cso-disclosure-series---data-breach-notification-laws--state-bystate.html\n \n ."},{"key":"9737_CR8","volume-title":"Cyber insurance revisited","author":"R Bohme","year":"2005","unstructured":"Bohme, R. (2005). Cyber insurance revisited. Boston, USA: Proceedings of the Workshop on the Economics of Information Security."},{"key":"9737_CR9","volume-title":"Models and measures for correlation in cyber insurance","author":"R Bohme","year":"2006","unstructured":"Bohme, R., & Kataria, G. (2006). Models and measures for correlation in cyber insurance. Boston USA: Proceedings of the Workshop on the Economics of Information Security."},{"key":"9737_CR10","volume-title":"Modeling cyber-insurance: Towards a unifying framework","author":"R Bohme","year":"2010","unstructured":"Bohme, R., & Schwartz, G. (2010). Modeling cyber-insurance: Towards a unifying framework. Cambridge USA: Proceedings of the Workshop on the Economics of Information Security."},{"key":"9737_CR11","first-page":"163","volume":"43","author":"K Borch","year":"1960","unstructured":"Borch, K. (1960). The safety loading of reinsurance premiums. Skandinavisk Aktuarietidtidskrift, 43, 163\u2013184.","journal-title":"Skandinavisk Aktuarietidtidskrift"},{"key":"9737_CR12","volume-title":"Actuarial mathematics","author":"NL Bowers","year":"1997","unstructured":"Bowers, N. L., Gerber, H. U., Hickman, J. C., Jones, D. A., & Nesbit, C. J. (1997). Actuarial mathematics (2nd ed.). Schaumburg, IL: Society of Actuaries.","edition":"2"},{"key":"9737_CR13","unstructured":"Calandro, J., Matrejek, E., Pollard, N. (2014). Managing cyber risks with insurance: Key factors to consider when evaluating how cyber insurance can enhance your security program. Price Water House Publication number BS-14-0534-A.0614. Available at (\n http:\/\/www.pwc.com\/us\/en\/increasing-it-effectiveness\/publications\/assets\/pwc-managing-cyber-risks-with-insurance.pdf\n \n )."},{"issue":"3","key":"9737_CR14","doi-asserted-by":"publisher","first-page":"431","DOI":"10.3233\/JCS-2003-11308","volume":"11","author":"K Campbell","year":"2003","unstructured":"Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: empirical evidence from the stock market. The Journal of Computer Security, 11(3), 431\u2013448.","journal-title":"The Journal of Computer Security"},{"issue":"1","key":"9737_CR15","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1080\/10864415.2004.11044320","volume":"9","author":"H Cavusoglu","year":"2004","unstructured":"Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of internet security breach announcement on market value: capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 70\u2013104.","journal-title":"International Journal of Electronic Commerce"},{"key":"9737_CR16","unstructured":"Ernesto, V. d. S. (2009). Mininova Hit By Massive DDoS Attack. Available at \n https:\/\/torrentfreak.com\/mininova-hit-bymassive-ddos-attack-090307\/\n \n ."},{"key":"9737_CR17","unstructured":"Evers, J. (2007). T.J. Maxx hack exposes consumer data. C-Net news, available at \n https:\/\/www.cnet.com\/news\/t-j-maxxhack-exposes-consumer-data\/\n \n ."},{"issue":"3","key":"9737_CR18","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1007\/s10796-012-9348-y","volume":"16","author":"F Fang","year":"2014","unstructured":"Fang, F., Parameswaran, M., Zhao, X., & Whinston, A. B. (2014). An economic mechanism to manage operational security risks for inter-organizational information systems. Information Systems Frontiers, 16(3), 399\u2013416.","journal-title":"Information Systems Frontiers"},{"key":"9737_CR19","unstructured":"Floresca, L. 2014. Cyber Insurance 101: The basics of cyber coverage. Available at \n https:\/\/wsandco.com\/cyber-liability\/cyber-basics\/\n \n ."},{"key":"9737_CR20","unstructured":"Fourth Annual US Cost of Data Breach Study. (2008). Ponemon Institute LLC."},{"key":"9737_CR21","unstructured":"Global Cyber Impact Report. (2015). Ponemon LLC. Available at (\n http:\/\/www.aon.com\/attachments\/riskservices\/2015-Global-Cyber-Impact-Report-Final.pdf\n \n )."},{"key":"9737_CR22","unstructured":"Global Information Security Survey. (2008). Ernst and Young LCC. Available at (\n http:\/\/www.ey.com\/Global\/assets.nsf\/UK\/Global_Information_Security_Survey_2008\/$file\/EY_Global_Information_Security_Survey_2008.pdf\n \n )."},{"issue":"3","key":"9737_CR23","doi-asserted-by":"publisher","first-page":"369","DOI":"10.2307\/253617","volume":"63","author":"C Gollier","year":"1996","unstructured":"Gollier, C. (1996). Optimal insurance of approximate losses. The Journal of Risk and Insurance, 63(3), 369\u2013380.","journal-title":"The Journal of Risk and Insurance"},{"issue":"5","key":"9737_CR24","doi-asserted-by":"publisher","first-page":"1109","DOI":"10.2307\/2171958","volume":"64","author":"C Gollier","year":"1996","unstructured":"Gollier, C., & Pratt, J. W. (1996). Risk vulnerability and the tempering effect of background risk. Econometrica, 64(5), 1109\u20131123.","journal-title":"Econometrica"},{"issue":"3","key":"9737_CR25","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1145\/636772.636774","volume":"46","author":"LA Gordon","year":"2003","unstructured":"Gordon, L. A., Loeb, P. M., & Sohail, T. (2003). A framework for using insurance for cyber risk management. Communications of the ACM, 46(3), 81\u201385.","journal-title":"Communications of the ACM"},{"key":"9737_CR26","volume-title":"Cyber risks, the growing threat","author":"RP Hartwig","year":"2014","unstructured":"Hartwig, R. P., & Wilkinson, C. (2014). Cyber risks, the growing threat. USA: Insurance Information Institute."},{"key":"9737_CR27","volume-title":"Cybersecurity: Protecting critical infrastructures from cyber attack and cyber warfare","author":"TA Johnson","year":"2014","unstructured":"Johnson, T. A. (2014). Cybersecurity: Protecting critical infrastructures from cyber attack and cyber warfare. USA: CRC Press."},{"key":"9737_CR28","unstructured":"Kovacs, P., Markham, M., Sweeting, R. (2004). Cyber incident risk in Canada and the role of cyber insurance. Institute for Catastrophic Loss Reduction. ICLR Research Paper Series - No. 38."},{"key":"9737_CR29","unstructured":"Mader, B. 2002. Cyber insurance's higher rates make it a long-term sell. (Available at \n http:\/\/sanjose.bizjournals.com\/sanjose\/stories\/2002\/11\/04\/focus2.html\n \n )."},{"key":"9737_CR30","unstructured":"Majuca, R. P., Yurcik, W., Kesan, J. P. (2006). The Evolution of cyber insurance. (Available at \n http:\/\/arxiv.org\/ftp\/cs\/papers\/0601\/0601020.pdf\n \n )."},{"key":"9737_CR31","unstructured":"McLeod, D. 2015. Increased cyber losses means more litigation over claim. Business Insurance. (Available at \n http:\/\/www.businessinsurance.com\/article\/20150222\/NEWS06\/303019999\/1248\n \n )."},{"key":"9737_CR32","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/MSP.2015.137","volume":"6","author":"PH Meland","year":"2015","unstructured":"Meland, P. H., Inger, A. T., & Solhaug, B. (2015). Mitigating risk with cyber insurance. IEEE Security and Privacy, 6, 38\u201343.","journal-title":"IEEE Security and Privacy"},{"key":"9737_CR33","volume-title":"Countering hidden-action attacks on networked systems. Proceedings of the Workshop on the Economics of Information Security","author":"T Moore","year":"2005","unstructured":"Moore, T. (2005). Countering hidden-action attacks on networked systems. Proceedings of the Workshop on the Economics of Information Security. Cambridge: USA."},{"key":"9737_CR34","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1086\/259427","volume":"76","author":"J Mossin","year":"1968","unstructured":"Mossin, J., & Smith, T. (1968). Aspects of rational insurance purchasing. Journal of Political Economy, 76, 533\u2013568.","journal-title":"Journal of Political Economy"},{"key":"9737_CR35","unstructured":"Nelson, S. D., Simek J. W. 2005. Cyber insurance: singing in the Rain. (Available at \n http:\/\/www.senseient.com\/pdf\/CYBER\n \n \n INSURANCE.pdf)."},{"key":"9737_CR36","volume-title":"Cyber insurance and IT security investment: Impact of interdependent risk","author":"H Ogut","year":"2005","unstructured":"Ogut, H., Raghunathan, S., & Menon, N. (2005). Cyber insurance and IT security investment: Impact of interdependent risk. Cambridge, USA: Proceedings of the Workshop on the Economics of Information Security."},{"key":"9737_CR37","unstructured":"Pols, J., Parker, D. 2008. The great debate: security spending. Information Systems Security Association Journal, 6(4) ,21-25."},{"key":"9737_CR38","first-page":"84","volume":"69","author":"A Raviv","year":"1979","unstructured":"Raviv, A. (1979). The design of an optimal insurance policy. American Economic Review, 69, 84\u201396.","journal-title":"American Economic Review"},{"issue":"3","key":"9737_CR39","doi-asserted-by":"publisher","first-page":"465","DOI":"10.2307\/252724","volume":"48","author":"H Schlesinger","year":"1981","unstructured":"Schlesinger, H. (1981). The optimal level of deductibility in insurance contracts. The Journal of Risk and Insurance, 48(3), 465\u2013481.","journal-title":"The Journal of Risk and Insurance"},{"key":"9737_CR40","unstructured":"Schroeder, D. 2014. Cyber Insurance: just one component of risk management. The Walstreet Journal, May 27 2014. Available at \n http:\/\/blogs.wsj.com\/cio\/2014\/03\/27\/cyber-insurance-just-one-component-of-risk-management\/\n \n ."},{"key":"9737_CR41","volume-title":"Cyber-insurance: Missing market driven by user heterogeneity","author":"G Schwartz","year":"2010","unstructured":"Schwartz, G., Shetty, N., & Warland, J. (2010). Cyber-insurance: Missing market driven by user heterogeneity. Cambridge, USA: Proceedings of the Workshop on the Economics of Information Security."},{"issue":"4","key":"9737_CR42","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1201\/1086\/43322.11.4.20020901\/38843.5","volume":"11","author":"CA Siegel","year":"2002","unstructured":"Siegel, C. A., Ty, R. S., & Serritella, P. (2002). Cyber-risk management: technical and insurance controls for enterprise-level security. Information Systems Security, 11(4), 33\u201349.","journal-title":"Information Systems Security"},{"key":"9737_CR43","unstructured":"Steele, C. (2007). Cyber insurance supplements, not replaces data breach security (Available at \n http:\/\/searchsecuritychannel.techtarget.com\/news\/article\/0289142sid97_ gci1262357 00.html\n \n )."},{"key":"9737_CR44","unstructured":"The Betterley Report: Cyber risk and Privacy Market Survey (2010). (Available at \n http:\/\/betterley.com\/samples\/CyberRisk10nt.pdf\n \n )."},{"key":"9737_CR45","unstructured":"The Betterley Report: Cyber risk Market Survey (2008). (Available at \n http:\/\/www.betterley.com\n \n )."},{"key":"9737_CR46","unstructured":"The Betterley Report: Cyber\/Private Insurance Market Survey. (2015) (Available at \n http:\/\/www.betterley.com\n \n )."},{"key":"9737_CR47","unstructured":"Richardson, R. (2008). The CSI Computer crime and security survey. Available at (\n https:\/\/www.miel.in\/pdfs\/CSIsurvey2008.pdf\n \n )."},{"key":"9737_CR48","unstructured":"The CSI\/FBI Computer Crime and Security Surveys 2000-2006. (Available at \n http:\/\/www.gocsi.com\n \n )."},{"key":"9737_CR49","unstructured":"Wood, L. (2007). Can 'cyber insurance' protect you from data breach catastrophe? (Available at \n http:\/\/tinyurl.com\/3co9hd\n \n )."}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-017-9737-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10796-017-9737-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-017-9737-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,23]],"date-time":"2019-05-23T09:15:26Z","timestamp":1558602926000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10796-017-9737-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,3,18]]},"references-count":49,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,4]]}},"alternative-id":["9737"],"URL":"https:\/\/doi.org\/10.1007\/s10796-017-9737-3","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,3,18]]},"assertion":[{"value":"18 March 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}