Organizational Adoption of Cyber Insurance Instruments in It Security Risk Management– a Modeling Approach

Cyber insurance can be an effective instrument to transfer cyber risk and complement the benefits from technological controls that guard the IS (information and network) assets in organizations. This research attempts to identify the factors that could explain the proclivity of adoption of cyber insurance in managing cyber risk of an organization. Grounded on the context based TOE framework of adoption of innovation, we propose a research model that integrates technology, organizational and environmental factors surrounding the adoption of cyber insurance. We begin with the insights from TOE literature, and contextualize them with the specificities of cyber insurance in order to formulate a set of relevant hypotheses, empirical validation of which could provide valuable insight into organizational adoption (or the observed lack) of cyber insurance. This research attempts to explain the contextual factors that affect successful organizational adoption of cyber insurance and extend the TOE adoption of innovation theory in the area of IT security risk management.