University of California Press
Open Access

Insuring Cyberinsecurity

Insurance Companies as Symbolic Regulators

by Shauhin A. Talesh (Author)
Price: $34.95 / £30.00
Publication Date: Aug 2025
Edition: 1st Edition
Title Details:
Rights: World
ISBN: 9780520401501
Trim Size: 5.5 x 8.5
Illustrations: 4 b/w figures, 2 tables

About the Book

A free ebook version of this title is available through Luminos, University of California Press’s Open Access publishing program. Visit www.luminosoa.org to learn more.

Despite the massive costs associated with data breaches, ransomware, viruses, and cyberattacks, most organizations remain thoroughly unprepared to safeguard consumer data. Over the past two decades, the insurance industry has begun offering cyber insurance to help organizations manage cybersecurity and privacy law compliance, while also offering risk management services as part of their insurance packages. These insurers have thus effectively evolved into de facto regulators—yet at the same time, they have failed to effectively curtail cybersecurity breaches. Drawing from interviews, observations, and extensive content analysis of the cyber insurance industry, this book reveals how cyber insurers' risk management services convey legitimacy to the public and to insureds but fall short of actually improving data security, rendering them largely symbolic. Speaking directly to broader debates on regulatory delegation to nonstate actors, Shauhin A. Talesh proposes a new institutional theory of insurance to explain how insurers shape the content and meaning of privacy law and cybersecurity compliance, offering policy recommendations for how insurers and governments can work together to improve cybersecurity and foster greater algorithmic justice.

About the Author

Shauhin A. Talesh is Professor of Law and Professor of Sociology and of Criminology, Law and Society at the University of California, Irvine.

Reviews

"Insuring Cyberinsecurity provides a compelling, nuanced account of how insurance companies serve as symbolic regulators, most significantly through post-breach services that shape the content and meaning of privacy and cyber compliance. Its theoretical innovation, empirical rigor, and interdisciplinary relevance make it an outstanding work, with the potential to significantly impact the field."—Tom Baker, coauthor of Ensuring Corporate Misconduct: How Liability Insurance Undermines Shareholder Litigation

"Shauhin Talesh offers a fascinating analysis of the evolving cyberinsurance industry and its great promise as well as its significant failings. A crisply drawn and deeply insightful portrayal of an industry at a crucial inflection point, this book provides a new window on the intersection of risk, cybersecurity, and the emerging threat landscape."—Josephine Wolff, author of Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks

"An eye-opening look at how insurance companies shape the meanings of risk, law, and liability related to technological security breaches. Anyone concerned about preventing such calamities, or interested in law and organizations more broadly, should read this timely book."—Calvin Morrill, coauthor of Navigating Conflict: How Youth Handle Trouble in a High-Poverty School

"Dives into the symbolic power—and limitations—of cyber insurance as it redefines digital security in the modern age. Essential reading for anyone interested in the intricate ties between insurance and regulation and questioning the reliance on insurers to safeguard our digital future."—Daniel Schwarcz, Fredrikson & Byron Professor of Law and Distinguished University Teaching Professor, University of Minnesota Law School

"Talesh offers a novel theory and impressive evidence showing how insurance companies shape the meaning of cybersecurity law in ways that fail to enhance cybersecurity but do capitalize on big data to serve their own interests. It's a must read for socio-legal scholars, regulators, and technologists, and for all concerned about data privacy."—Robin Stryker, Distinguished Professor of Sociology, Purdue University

"This pathbreaking work takes a novel socio-legal perspective on the significant role of insurance in affecting both legal liability and crime prevention in cyberspace. Based on carefully collected qualitative and quantitative data, this is a thoroughly researched, brilliantly argued, and convincing guide to better regulatory and preventive practices that will undoubtedly be an invaluable resource for scholars in a number of fields, industry experts, and policymakers alike."—Henry N. Pontell, coauthor of Profit Without Honor: White-Collar Crime and the Looting of America

"Provides a fresh perspective on regulation and compliance. The book shows the important role insurance companies play in shaping the meaning of the law and ultimately what compliance looks like in practice. A must-read for anyone interested in the sociology of law, regulation, and institutions."—Benjamin van Rooij, coauthor of The Behavioral Code: The Hidden Ways the Law Makes Us Better . . . Or Worse

"Talesh stresses that the big question is under what conditions cyber insurers can play a de facto regulatory role. By framing the question in this original way, he illuminates the complex field of the public-private partnerships, providing essential insights for those seeking to understand and reform cyber governance in the US and other countries."—Péricles Gonçalves, Professor of Law and Associate Dean for Institutional Projects, FGV Rio Law