A Research Agenda for Cyber Risk and Cyber Insurance | June 2019
Lead Author: Gregory Falco, Program on Geopolitics, Technology, and Governance at the Cyber Policy Center
Presented at the the 2019 Workshop on the Economics of Information Security (Boston, June 3-4, 2019)
Cyber risk as a research topic has attracted considerable academic, industry and government attention over the past 15 years. Unfortunately, research progress has been modest and has not been sufficient to answer the “call to action” in many prestigious committee and agency reports. To date, industry and academic research on cyber risk in all its complexity has been piecemeal and uncoordinated – which is typical of emergent, pre-paradigmatic fields. Further complicating matters is the multidisciplinary characteristics of cyber risk. In order to significantly advance the pace of research progress, a group of scholars, industry practitioners and policymakers from around the world present a research agenda for cyber risk and cyber insurance, which accounts for the variety of fields relevant to the problem space. We propose a cyber risk unified concept model that identifies where certain disciplines of study can add value. The concept model can also be used to identify collaboration opportunities across the major research questions. In this agenda, we unpack the major research questions into manageable projects and tactical questions that need to be addressed.