{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T19:17:58Z","timestamp":1773947878872,"version":"3.50.1"},"reference-count":38,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2019,10,18]],"date-time":"2019-10-18T00:00:00Z","timestamp":1571356800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2019,10,18]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title><jats:p>Some policy lessons for different stakeholders are identified.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-01-2019-0012","type":"journal-article","created":{"date-parts":[[2019,10,22]],"date-time":"2019-10-22T08:00:12Z","timestamp":1571731212000},"page":"54-67","source":"Crossref","is-referenced-by-count":19,"title":["The cyber-insurance market in Norway"],"prefix":"10.1108","volume":"28","author":[{"given":"Hayretdin","family":"Bah\u015fi","sequence":"first","affiliation":[]},{"given":"Ulrik","family":"Franke","sequence":"additional","affiliation":[]},{"given":"Even Langfeldt","family":"Friberg","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"issue":"3","key":"key2020040311053934000_ref001","doi-asserted-by":"crossref","first-page":"278","DOI":"10.18261\/ISSN1504-2936-2006-03-03","article-title":"Aktiv informantintervjuing","volume":"22","year":"2006","journal-title":"Norsk Statsvitenskapelig Tidsskrift"},{"issue":"5799","key":"key2020040311053934000_ref002","doi-asserted-by":"publisher","first-page":"610","DOI":"10.1126\/science.1130992","article-title":"The economics of information security","volume":"314","year":"2006","journal-title":"Science"},{"key":"key2020040311053934000_ref003","unstructured":"Askvik, C. (2018), \u201cEn effektiv marknad f\u00f6r cyberf\u00f6rs\u00e4kringar i EU: Om cybers\u00e4kerhet och cyberf\u00f6rs\u00e4kringar i EU och hur de kan komma att p\u00e5verkas av NIS\u2010direktivet samt GDPR\u201d, Master's thesis, Link\u00f6ping University, Link\u00f6ping, Sweden."},{"key":"key2020040311053934000_ref004","volume-title":"Cyber Insurance as a Contribution to IT Risk Management","year":"2017"},{"issue":"11","key":"key2020040311053934000_ref005","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1145\/1592761.1592780","article-title":"Why IT managers don't go for cyber-insurance products","volume":"52","year":"2009","journal-title":"Communications of the Acm"},{"key":"key2020040311053934000_ref006","unstructured":"BIPAR, FERMA and Insurance Europe (2018), \u201cPreparing for cyber insurance\u201d, available at: www.insuranceeurope.eu\/sites\/default\/files\/attachments\/Preparing%20for%20cyber%20insurance.pdf (accessed 10 October 2018)."},{"key":"key2020040311053934000_ref007","article-title":"Models and measures for correlation in cyber-insurance","year":"2006","journal-title":"WEIS"},{"key":"key2020040311053934000_ref008","article-title":"Modeling cyber-insurance: towards a unifying framework","year":"2010","journal-title":"WEIS"},{"key":"key2020040311053934000_ref009","article-title":"The 10 countries best prepared for the new digital economy","year":"2016"},{"issue":"1","key":"key2020040311053934000_ref010","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1080\/23738871.2017.1296878","article-title":"Cyber risk and the changing role of insurance","volume":"2","year":"2017","journal-title":"Journal of Cyber Policy"},{"key":"key2020040311053934000_ref011","unstructured":"Chiglinsky, K. and Basak, S. (2018), \u201cWarren Buffett preaches caution on cyber insurance because risks are unknown\u201d, available at: www.carriermanagement.com\/news\/2018\/05\/06\/178898.htm (accessed 28 May 2018)."},{"key":"key2020040311053934000_ref012","unstructured":"DLA Piper and AON (2019), \u201cThe price of data security: a guide to insurability of GDPR fines across Europe\u201d, available at: www.aon.com\/unitedkingdom\/insights\/a-guide-to-the-insurability-of-gdpr-fine.jsp (accessed 21 August 2018)."},{"issue":"5","key":"key2020040311053934000_ref013","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1108\/JRF-09-2016-0122","article-title":"What do we know about cyber risk and cyber risk insurance?","volume":"17","year":"2016","journal-title":"The Journal of Risk Finance"},{"key":"key2020040311053934000_ref014","doi-asserted-by":"publisher","DOI":"10.2824\/691163","volume-title":"Commonality of Risk Assessment Language in Cyber Insurance: Recommendations on Cyber Insurance","author":"ENISA (European Union Agency for Network and Information Security)","year":"2017"},{"key":"key2020040311053934000_ref015","first-page":"1","article-title":"Regulation (EU) 2016\/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46 (general data protection regulation). L 119","author":"EPEC (European Parliament and European Council)","year":"2016","journal-title":"Official Journal of the European Union (OJ)"},{"key":"key2020040311053934000_ref016","first-page":"1","article-title":"Directive (EU) 2016\/1148 of the european parliament and of the council of 6 july 2016 concerning measures for a high common level of security of network and information systems across the union. L 194","author":"EPEC (European Parliament and European Council)","year":"2016","journal-title":"Official Journal of the European Union (OJ)"},{"key":"key2020040311053934000_ref017","unstructured":"European Commission (2016), \u201cThe directive on security of network and information systems (NIS directive)\u201d, available at: https:\/\/ec.europa.eu\/digital-single-market\/en\/network-and-information-security-nis-directive (accessed 28 May 2018)."},{"key":"key2020040311053934000_ref018","article-title":"A research agenda for cyber risk and cyber insurance","year":"2019","journal-title":"WEIS"},{"key":"key2020040311053934000_ref019","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1016\/j.cose.2017.04.010","article-title":"The cyber insurance market in Sweden","volume":"68","year":"2017","journal-title":"Computers and Security"},{"key":"key2020040311053934000_ref020","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/978-3-030-01141-3_5","article-title":"Cyber insurance against electronic payment service outages","volume-title":"Security and Trust Management","year":"2018"},{"key":"key2020040311053934000_ref021","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-88r1","article-title":"Guidelines for media sanitization: US department of commerce","year":"2014","journal-title":"National Institute of Standards and Technology"},{"issue":"1","key":"key2020040311053934000_ref022","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1093\/cybsec\/tyw002","article-title":"The economics of mandatory security breach reporting to authorities","volume":"2","year":"2016","journal-title":"Journal of Cybersecurity"},{"key":"key2020040311053934000_ref023","unstructured":"McAfee and CSIS (Centre for Strategic and International Studies) (2014), \u201cNet losses: estimating the global cost of cybercrime\u201d, available at: https:\/\/csis-prod.s3.amazonaws.com\/s3fs-public\/legacy_files\/files\/attachments\/140609_rp_economic_impact_cybercrime_report.pdf"},{"key":"key2020040311053934000_ref024","volume-title":"Strukturert Intervju","year":"2015"},{"key":"key2020040311053934000_ref025","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1016\/j.dss.2013.04.004","article-title":"Cyber-risk decision models: to insure IT or not?","volume":"56","year":"2013","journal-title":"Decision Support Systems"},{"key":"key2020040311053934000_ref026","unstructured":"OECD (Organisation for Economic Co-operation and Development) (2016), \u201cCyber risk insurance\u201d, Available at: www.oecd.org\/finance\/insurance\/cyber-risk-insurance.htm (accessed 9 January 2017)."},{"key":"key2020040311053934000_ref027","doi-asserted-by":"publisher","DOI":"10.1787\/9789264282148-en","volume-title":"Enhancing the Role of Insurance in Cyber Risk Management","author":"OECD (Organisation for Economic Co-operation and Development)","year":"2017"},{"key":"key2020040311053934000_ref028","first-page":"235","article-title":"\u201cWill cyber-insurance improve network security? A market analysis\u201d","year":"2014"},{"key":"key2020040311053934000_ref029","article-title":"Insuring the uninsurable: is cyber insurance really worth its salt?","year":"2017"},{"issue":"3","key":"key2020040311053934000_ref030","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1145\/365181.365229","article-title":"Insurance and the computer industry","volume":"44","year":"2001","journal-title":"Communications of the Acm"},{"key":"key2020040311053934000_ref031","doi-asserted-by":"crossref","first-page":"229","DOI":"10.1007\/978-1-4419-6967-5_12","article-title":"Competitive cyber-insurance and internet security","volume-title":"Economics of Information Security and Privacy","year":"2010"},{"key":"key2020040311053934000_ref032","unstructured":"Smaller Firms Opting Out of Otherwise Soaring Cyber Insurance Market: A.M. Best (2018), \u201cCarrier management\u201d, available at: www.carriermanagement.com\/news\/2018\/05\/21\/179595.htm (accessed 28 May 2018)."},{"key":"key2020040311053934000_ref033","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1007\/978-3-319-45507-5_12","article-title":"Differentiating cyber risk of insurance customers: the insurance company perspective","volume-title":"International Conference on Availability, Reliability, and Security","year":"2016"},{"key":"key2020040311053934000_ref034","volume-title":"Understanding When and How to Use Cyberinsurance Effectively","year":"2015"},{"issue":"2","key":"key2020040311053934000_ref035","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1080\/23738871.2017.1360927","article-title":"Policy measures and cyber insurance: a framework","volume":"2","year":"2017","journal-title":"Journal of Cyber Policy"},{"key":"key2020040311053934000_ref036","article-title":"Cyber resilience playbook for public-private collaboration","author":"World Economic Forum","year":"2018"},{"issue":"1","key":"key2020040311053934000_ref037","doi-asserted-by":"crossref","first-page":"123","DOI":"10.2753\/MIS0742-1222300104","article-title":"Managing interdependent information security risks: cyberinsurance, managed security services, and risk pooling arrangements","volume":"30","year":"2013","journal-title":"Journal of Management Information Systems"},{"key":"key2020040311053934000_ref038","unstructured":"Microsoft (2018), \u201cMicrosoft Security Intelligence Report\u201d, Vol. 23, available at: www.microsoft.com\/en-us\/security\/intelligence-report (accessed 18 October 2018)."}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2019-0012\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2019-0012\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:36Z","timestamp":1753406556000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/28\/1\/54-67\/108344"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,10,18]]},"references-count":38,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,10,18]]}},"alternative-id":["10.1108\/ICS-01-2019-0012"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2019-0012","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2019,10,18]]}}}