Premium
Cyber insurance and private governance: The enforcement power of markets
Author(s) -
Herr Trey
Publication year - 2021
Publication title -
regulation and governance
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 1.417
H-Index - 45
eISSN - 1748-5991
pISSN - 1748-5983
DOI - 10.1111/rego.12266
Subject(s) - corporate governance , enforcement , private sector , business , liberian dollar , state (computer science) , law and economics , economics , finance , law , political science , economic growth , algorithm , computer science
In the last half decade, cyber insurance has emerged as a multi‐billion‐dollar industry with the authority to set and enforce standards of security behavior. Although cybersecurity has become a concern of national policymakers, insurers appear to have supplanted the state to play an influential role in governing some aspects of client behavior. This paper explores private governance by cyber insurance firms and evaluates two competing explanations for its emergence – either that the private sector advanced to set and enforce cybersecurity standards for financial gain, or that the state retreated from its responsibility to regulate and private sector actors filled the gap only as necessary. To find an answer between these explanations, this article develops a single outcome case study of the American cyber insurance industry. Following a theoretical introduction to private governance and its manifestation through insurance, the article examines the insurance process and its application in cybersecurity, the key role of standards, and the mechanism of enforcing those standards. The article concludes by identifying key elements of this market‐based enforcement and discussing implications for crafting effective private governance in other domains and public policy.