University of Illinois at Urbana-Champaign
A U.S. Department of Homeland Security Center of Excellence
Critical Infrastructure Resilience Institute

Analyzing Cyberinsurance as a Market-Based Solution for Cyber Resiliency

Research Team Leadership

  • PI: Jay Kesan, University of Illinois at Urbana-Champaign 
  • Co-PI: David Nicol, University of Illinois at Urbana-Champaign
  • Co-PI: Sachin Shetty, University of Illinois at Urbana-Champaign

Cyber Security

The Homeland Security Challenge

​Assessing and quantifying the impact of a business interruption due to cyber threats is a difficult task, even for experienced assessment professionals, largely because there is no standardized approach for evaluating this type of risk. Because most owners, operators, and managers are inexperienced or unfamiliar with appropriate assessment tools, many American economic and critical infrastructure components are left vulnerable to unnecessary risk. As an emerging sector, the cyberinsurance market in particular is struggling with how to quantify the cyber vulnerability of systems and assets.

CIRI's Proposed Solution

​The vulnerability assessment tool improves cybersecurity situational awareness by generating a total risk score for a system and identifying areas requiring attention or capital investment. Though useful for a broad range of applications, the tool is particularly effective for the cyberinsurance industry. Developers have fielded inquiries from commercial, military, and government stakeholders, including the Federal Bureau of Investigation, the Naval Surface Warfare Center, Newport News Shipyard, and the Port Authority of Virginia. This tool could prove invaluable in providing appropriate cyberinsurance coverage for American ports, who process more than $1.3 trillion in annual cargo.

Research Approach

This project applies methodologies for assessing risk in the field of cyberinsurance with the goal of understanding the needs and benefits for offering insurance for cyber events. The team will define a set of initiatives to facilitate the expansion of a cyberinsurance market. One important deliverable will be a database of court cases involving cyberinsurance.