To save as a PDF, click "Print" and select "Save as PDF" or "Print to PDF" from the Destination dropdown. On a mobile device, click the "Share" button, then choose "Print" and "Save as PDF".
Available From UC Press
Insuring Cyberinsecurity
Insurance Companies as Symbolic Regulators
A free ebook version of this title is available through Luminos, University of California Press’s Open Access publishing program. Visit www.luminosoa.org to learn more.
Despite the massive costs associated with data breaches, ransomware, viruses, and cyberattacks, most organizations remain thoroughly unprepared to safeguard consumer data. Over the past two decades, the insurance industry has begun offering cyber insurance to help organizations manage cybersecurity and privacy law compliance, while also offering risk-management services as part of their insurance packages. These insurers have thus effectively evolved into de facto regulators—yet at the same time, they have failed to effectively curtail cybersecurity breaches. Drawing from interviews, observations, and extensive content analysis of the cyber insurance industry, this book reveals how cyber insurers' risk-management services convey legitimacy to the public and to insureds but fall short of actually improving data security, rendering them largely symbolic. Speaking directly to broader debates on regulatory delegation to nonstate actors, Shauhin A. Talesh proposes a new institutional theory of insurance to explain how insurers shape the content and meaning of privacy law and cybersecurity compliance, offering policy recommendations for how insurers and governments can work together to improve cybersecurity and foster greater algorithmic justice.
Despite the massive costs associated with data breaches, ransomware, viruses, and cyberattacks, most organizations remain thoroughly unprepared to safeguard consumer data. Over the past two decades, the insurance industry has begun offering cyber insurance to help organizations manage cybersecurity and privacy law compliance, while also offering risk-management services as part of their insurance packages. These insurers have thus effectively evolved into de facto regulators—yet at the same time, they have failed to effectively curtail cybersecurity breaches. Drawing from interviews, observations, and extensive content analysis of the cyber insurance industry, this book reveals how cyber insurers' risk-management services convey legitimacy to the public and to insureds but fall short of actually improving data security, rendering them largely symbolic. Speaking directly to broader debates on regulatory delegation to nonstate actors, Shauhin A. Talesh proposes a new institutional theory of insurance to explain how insurers shape the content and meaning of privacy law and cybersecurity compliance, offering policy recommendations for how insurers and governments can work together to improve cybersecurity and foster greater algorithmic justice.
Shauhin A. Talesh is Professor of Law and Professor of Sociology and of Criminology, Law and Society at the University of California, Irvine.