Title: Maritime cyber-insurance: the Norwegian case

Authors: Ulrik Franke; Even Langfeldt Friberg; Hayretdin Bahşi

Addresses: RISE Research Institutes of Sweden AB, Kista, Sweden ' Department of Software Science, Tallinn University of Technology, Tallinn, Estonia ' Department of Software Science, Tallinn University of Technology, Tallinn, Estonia

Abstract: Major cyber incidents such as the Maersk case have demonstrated that the lack of cyber security can induce huge operational losses in the maritime sector. Cyber-insurance is an instrument of risk transfer, enabling organisations to insure themselves against financial losses caused by cyber incidents and get access to incident management services. This paper provides an empirical study of the use of cyber-insurance in the Norwegian maritime sector, with a particular emphasis on the effects of the General Data Protection Regulation and the Directive on Security of Network and Information Systems. Norway constitutes a significant case as a country having a highly mature IT infrastructure and well-developed maritime industry. Interviews were conducted with supplier- and demand-side maritime actors. Findings point to a widespread lack of knowledge about cyber-insurance. Furthermore, neither GDPR nor NIS were found to be significant drivers of cyber-insurance uptake among maritime organisations.

Keywords: security; risk; policy; regulation; cyber-insurance; information sharing.

DOI: 10.1504/IJCIS.2022.125816

International Journal of Critical Infrastructures, 2022 Vol.18 No.3, pp.267 - 286

Received: 16 Oct 2020
Accepted: 14 Dec 2020
Published online: 29 Sep 2022 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article