طراحی الگوی پیاده سازی بیمه سایبری با استفاده ازنظریه داده بنیاد

اسماعیلی فر, بهزاد; انصاری, منوچهر

doi:10.22034/jvcbm.2024.406060.1135

طراحی الگوی پیاده سازی بیمه سایبری با استفاده ازنظریه داده بنیاد

نوع مقاله : مقاله پژوهشی( کیفی )

نویسندگان

بهزاد اسماعیلی فر ¹

منوچهر انصاری ²

¹ دانشجوی دکترای ،گروه مدیریت بازرگانی ، پردیس البرز دانشگاه تهران ، تهران، ایران

² دانشیار ،گروه مدیریت بازرگانی ، دانشکده مدیریت ، دانشگاه تهران ،تهران ، ایران

https://doi.org/10.22034/jvcbm.2024.406060.1135

چکیده

هدف پژوهش حاضر شناسایی عوامل مؤثر بر پیاده سازی بیمه سایبری در بین شرکتهای بیمه در کشور ایران است. پژوهش حاضر از لحاظ هدف، داده بنیاد است و از نوع روشهای کیفی است. جامعه آماری پژوهش متخصصان و خبرگان در زمینه بیمه سایبری است که با استفاده از روش نمونه گیری گلوله برفی مشخص شده اند. با استفاده از تکنیک مصاحبه، داده ها جمعآوری شده و سپس با استفاده از نرمافزار MAXQDA نسخه 2020 داده ها و مقوله ها کدگذاری و طبقه بندی شده اند. پایایی پژوهش با استفاده از ضریب کاپا اندازه گیری شده است. در مرحله آخر مدل پژوهشی بر اساس مدل اشتراوس وکوربین استخراج شده است. بر اساس نتایج پژوهش عوامل علی به شاخص های دانشی، فنی و شبکه تقسیم شدند. چشم انداز بیمه ای با عنوان عامل مداخله گر، تجزیه و تحلیل محیط بیرونی و درونی و همچنین بازاریابی و توجه به بازوه ای اجرایی به عنوان عوامل بسترساز، رویکرد اکوسیستمی و تدوین استراتژی بیمه ای به عنوان راهکار و نهایتاً افزایش سطح دانش شرکت های بیمه، ایمنی و امنیت داده ها، بهبود خدمات و درآمد شرکت و عدم اطمینان از کارکرد بیمه به عنوان پیامدهای مثبت و منفی بیمه سایبری شناخته شده اند.

کلیدواژه‌ها

بیمه سایبری

دانش سایبری

ایمنی و امنیت داده ها

بازاریابی بیمه سایبری

نگرش بیمه ای

موضوعات

مدیریت بازرگانی

عنوان مقاله English

Designing a cyber insurance implementation model using foundational data theory

نویسندگان English

Behzad Esmaeilifar ¹

manouchehr Ansari ²

¹ PhD student, Department of Business Administration, Alborz Campus of Tehran University, Tehran, Iran

² Associate Professor, Department of Business Administration, Faculty of Management, University of Tehran, Tehran, Iran

چکیده English

Abstract
The aim of the current research is to identify the factors affecting the implementation of cyber insurance among insurance companies in Iran. The current research is developmental and applicable in terms of its purpose, and is of qualitative methods. The statistical population of the research is specialists and experts in the field of cyber insurance, who have been identified using the snowball sampling method. Using the interview technique, the data was collected and then the data and categories were coded and classified using the MAXQDA software version 2020. The reliability of the research was measured using the Kappa coefficient. In the last stage, the research model is extracted based on the Strauss and Corbin model. Based on the results of the research, the causal factors were divided into scientific, technical, and network indicators. Insurance perspective with the title of intervening factor, analysis of the external and internal environment as well as marketing and paying attention to the executive arms as foundational factors, ecosystem approach and formulation of insurance strategy as a solution, and finally increasing the level of knowledge of the insurance company, safety and security of data, improvement of services and company income, and uncertainty about the operation of insurance are known as positive and negative consequences of cyber insurance.
Extended Abstract
Introduction
With the emergence of the Internet and related information networks, people's need to use Internet and electronic services has also increased (Kshetri et al, 2020) and has changed the economic, social and cultural aspects of humans (Wang et al. et al., 2019). With the expansion of the Internet in the business of organizations, a space called cyber was created, which boosted business activities and interactions (Swiss Re, 2014; Chief Risk Officers Forum, 2014). On the other hand, the expansion of virtual spaces increased the concern of the managers of Internet companies. The risks caused by cyber-attacks and the care of data and privacy of people caused managers to consider themselves responsible for not properly monitoring the company (Uuganbayar et al, 2020). Furthermore, the emergence of various softwares, the risk of information theft in cyberspace, intrusion into individual lives and sometimes government systems has increased, and such a situation has jeopardized information security (Kshetri et al, 2020). Until now, in Iran, specific and comprehensive coverage for cyber risk has not been provided, and the main reasons for not providing it by insurance companies can be attributed to the lack of information and technical knowledge in the field of providing the plan, the lack of knowledge of these organizations about this type of insurance coverage, and also, lack of sufficient financial transparency on the part of companies applying for such insurance policies. In this regard, the aim of the research, considering the fact that there has not been a comprehensive research on the implementation of cyber insurance in Iran, is to investigate the effective factors on the successful implementation of cyber insurance in Iran and extract a qualitative model using the foundational data theory. Therefore, the main questions of the research will be in line with the data-based theory: How to identify the factors affecting the implementation of cyber insurance in Iran? Besides, the obstacles of cyber insurance as a secondary objective are also examined.
Theoretical framework
Insurance in cyberspace or cyber insurance is an insurance policy that is provided by insurers through creating market incentives and with the aim of improving the internet security environment. For the first time, cyber insurance was invented in the late 1970s in America in connection with the loss of data caused by unauthorized physical access to computer systems in electronic banking (Kshetri et al, 2020). On the other hand, at the same time as the role of the Internet in banking increased, the role of cyber insurance also did so. Cyber insurance focuses on covering losses and negative events caused by electronic risks against possible risks such as "theft of cash", and it can examine losses caused by business interruption (Wanchun et al, 2018), and It also examines the types of events or conditions that may prevent the organization from reaching its goals (Rezakhani & Dadbeh, 2021).
Soleymani Rouzbahani & Hoseini (2016) in their research entitled "Study of crime and security insurance in cyberspace" referring to the rapid growth of technology, the introduction of computers and the use of the Internet and the resulting changes in human life, paid attention to Internet insurance as a tool to deal with the emergence of virtual crimes such as information theft in the world of internet communication.
wang (2019) in his research entitled "Integrated framework for information security investment and cyber insurance" presented an analytical model for optimizing company cyber security and cyber insurance costs based on the effectiveness of costs and with the aim of reducing threats Cyber, vulnerability and effects. This research shows how the participation of the private sector in dealing with cybercrimes can reduce the overall cyber loss and create economic value. At the micro level, the effectiveness of a company's security costs in dealing with specific cyber threats can be reduced when other related security measures are not implemented.
Methodology
In terms of the purpose of this research, it is developmental and applicable. Based on the method of data collection, it is considered a descriptive research. The method of gathering information is an in-depth interview with experts. This research has a qualitative approach and collects and analyzes data from the data-based theory research strategy (Bahari & Taheri Rouzbahani, 2023).
Research Findings
The causal factors of cyber insurance implementation were placed in three main categories of knowledge, technical factors, and network factors. Two factors "internal and external environment analysis" as well as "marketing and the attention of the executive branches" have been identified as the main components of the foundation. Three main categories with the title of "increasing the knowledge level of insurance companies", "data safety and security", and "improving the company's services and income" have been identified as the main and positive categories; and "uncertainty of the functioning of insurance" as the main and negative ones. By examining the primary codes and central categories of experts' interviews, a main category named "insurance perspective" has been identified as the main category. The existence of a database, the role of the government, insurance attitude, insurance company performance, and insurance regulations are known as central categories. The upcoming obstacles are divided into two main categories: "lack of mastery of the subject", and "lack of government support". By examining the extracted codes from the interviews of cyber insurance experts, two main components of "ecosystem approach" and "insurance strategy formulation" were identified as cyber insurance strategies.
Conclusion
The research results were based on the Strauss and Corbin model. 5 indicators influencing the successful implementation of cyber insurance have been identified, which include the causal factors of cyber insurance, the consequences of implementing cyber insurance, the underlying factors of cyber insurance, hidden and interfering factors, and finally the consequences of implementing cyber insurance (both for insurance companies and for insured companies and organizations). Since there is still no specific definition of the motives of cyber insurance and the services it can cover, the trust of different insurance groups is also weak. Therefore, a single and clear definition of insurance coverage and things outside of insurance coverage can restore trust in insurance organizations. Among related researches, Uuganbayar et al, (2020) has emphasized the single definition of the concept of cyber insurance and the precise definition of the type of coverage. The results have shown that cyber insurance can be influenced by the international environment and vice versa. In the meantime, cultural factors and society's insight into this type of insurance, economic fluctuations resulting from currency challenges, the political stability of the country, and the economic status of society are known as environmental factors affecting cyber insurance. Based on the results of the research, the two central components of the external and internal environment should be recognized as factors of cyber insurance platforms. These factors take into account the technical equipment and cyber infrastructural readiness level, and include hardware capability, software factors, tool power or strength, information content, information technology, human factors, and cyber policies. According to the research results, the consequences of cyber insurance can be divided into two positive and negative sections. In this way, increasing the level of knowledge of insurance companies and increasing the safety and security of data and improving the services and income of the company are recognized as the main and positive components. The experience of dealing with cyber risks, the way of cyber insurance, knowledge of cyber damages, and finally the growth of cyber insurance are factors that can help to increase the understanding and implementation of cyber insurance. This part of the results is also aligned with the research of Wang (2019). The existence of the database, the government and its policies, the insurance attitude, the performance of insurance companies, and insurance regulations as the central and determining components of the insurance landscape (as the main component), have played the role of interventionist in extractive model of the research. According to the results of the research, the lack of mastery over cyber insurance and the lack of government support are known as the two main obstacles to the implementation of cyber insurance. These factors include the lack of mastery of the subject which is related to the unpredictable environment, knowledge weakness, and statistical weakness; and the lack of government support which is related to government communication protocols and cumbersome government laws. This part of the results can be compared with the research of Bahsi, Franke & Friberg (2020) in which the researchers mentioned the support of the public sector in Norway in the two recent years.

کلیدواژه‌ها English

cyber insurance

cyber knowledge

data safety and security

cyber insurance marketing

insurance attitude

Adibi, M., Daryayi, A & zahdi, A. (2017). A review of internet risks and the role of cyber insurane in their management place of publication. Second international conference on management and accounting, 42-61. MANAGECONF02_0257. [In Persian],https://doi.org/10.1002/9781118445112.stat00365.pub2

Aghabeigi Nasrollahabadi, M., garkaz, M., matoofi, A., & khozain, A. (2023). presenting a model for company 's financial strategies with environmental approach and accountability. Journal of value creating in Business Management, 3(3), 108-128, https://doi.org/10.22034/jvcbm.2023.407532.1146.

Alizadeh, S., Nourbakhsh, K., & ghasemi, B. (2023). Identifying the effective dimensions and components on research and development strategies in domestic automobile companies. Journal of value creating in Business Management, 3(3), 293-311, https://doi.org/10.22034/jvcbm.2023.417612.1198.

Arabshahi, M., & Abbaszadehgaretekan, H. (2022). The Impact of Electronic Customer Relationship Management on Marketing Performance with the Analysis of the Mediating Role of Product Innovation and Emphasis on Customer Knowledge. Journal of value creating in Business Management, 3(2), 42-61. https://doi.org/10.22034/jvcbm.2023.396709.1088. [In Persian]

Awiszus, K., Knispel, T., Penner, I. et al. Modeling and pricing cyber insurance. Eur. Actuar. J. 13, 1–53 (2023). https://doi.org/10.1007/s13385-023-00341-9

Bahsi, H., Franke, U., F, E.L. (2020). The cyber-insurance market in Norway. Information & Computer Security. 28 (1): 54-67. DOI 10.1108/ICS-01-2019-0012.

Bahari, B., Taheri Rouzbahani, M. (2023). Designing an electronic human resources management model based on knowledge creation in knowledge-based companies. Journal of value creating in Business Management, 3(1), 106-121. https://doi.org/10.22034/jvcbm.2023.392785.1082. [In Persian]

Baker, T., Shortland, A. Insurance and enterprise: cyber insurance for ransomware. Geneva Pap Risk Insur Issues Pract 48, 275–299 (2023). https://doi.org/10.1057/s41288-022-00281-7

Bohme, R. and Kataria, G. (2006), “Models and measures for correlation in cyber-insurance”, The Fifth Workshop on the Economics of Information Security (WEIS 2006). 26-28 June 2006, https://doi.org/10.1002/9781118445112.stat00365.pub2.

Cebula, J. J. and Young, L. R. (2010) ‘A taxonomy of operational cyber security risks: technical Note CMU/SEI-2010-TN-028’, Software Engineering Institute, Carnegie Mellon University. 10.1184/R1/6571784.v1. http://dx.doi.org/10.6028/NIST.SP.800-53r4.

Eling, M., Schnell, W., 2016. What do we know about cyber risk and cyber risk insurance? Journal of risk finance. 17 (5): 474-491, DOI: 10.1108/JRF-09-2016-0122.

Elsan, M. (2021). Electronic commerce law. Samt publication.9th edith. Tehran, ISBN:978-964-530-826-9

Friedman, S. (2017). Deloitte University Press, Demystifying cyber insurance coverage: Clearing obstacles in a problematic but promising market. https://www2.deloitte.com/ insights/us/en/industry/financial-services/demystifying-cybersecurity-insurance.html, https://doi.org/10.1016/j.telpol.2020.102007

Ghoodjani, A. (2015). Advanced statistical methods and applications. Jame-e-Negar Publishing House(JPH). Tehran. [In Persian], https://doi.org/10.22034/jvcbm.2023.383338.1049.

Hajizadeh Majdi, R., Fatahi, S., & Ranjbar, I. (2023). Analyzing the Quantum Leadership's Dimensions, Components and indexes of the Broadcasting Organization in the field of Social Network with Delphi Fuzzi Method. Journal of value creating in Business Management, 2(4), 61-82, https://doi.org/10.22034/jvcbm.2023.383338.1049.

Ivan Homoliak, Flavio Toffalini, Juan Guarnizo, Yuval Elovici, and Martn Ochoa. ”insight into insiders and it: A survey of insider threat taxonomies, analysis, modeling, and countermeasures.” ACM Computing Surveys (CSUR) 52 (2): 1–40, https://doi.org/10.1145/3303771

Kabourati, J. (2019). Identifying and Ranking Factors affecting the Application of the Electronic Insurance in the Insurance Industry: A case Study of selected Insurance Companies. Journal of Insurance Research. 34 (2): 50-69. DOI):10.22056/jir.2019.98422.2156. [In Persian]

Kraemer, H. C. (2014). Kappa coefficient. Wiley StatsRef: Statistics Reference Online, 1-4. https://doi.org/10.1002/9781118445112.stat00365.pub2

Landis, J.R., Koch, G.G (1997). The Measurement of Observer Agreement for Categorical Data. International Biometric Society. 33 (1): 159-174. https://doi.org/10.2307/2529310

Kshetri, N., (2020). The evolution of cyber-insurance industry and market: An institutional analysis. Telecommunications Policy. 164-196, https://doi.org/10.1016/j.telpol.2020.102007.

Mahmoudi, J., & Pourshahabi, V. (2023). Investigating the effect of financial intelligence value on employees' risk taking with the mediating role of social capital. Journal of value creating in Business Management, 2(4), 25-45. https://doi.org/10.22034/jvcbm.2023.314246.1009. [In Persian]

Mazzccoli, A., Naldi, M. (2021). Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm. Risks. 9 (24): 1-28. https://doi.org/10.3390/risks9010024.

Mukhopadhyay, A., Chatterjee, S., Saha, D., Mahanti, A. and Sadhukhan, S.K. (2013), “Cyber-risk decision models: to insure IT or not?”, Decision Support Systems.56: 11-26, doi: 10.1016/j. dss.2013.04.004.

Poorghasab, A., Hasani, M.A (2017). Cyber insurance, one solution to create security in cyber space. 6^th national conference on law and judicial studies. 57- 92. LLSC06_023. [In Persian], https://civilica.com/doc/877233.

Rousta, A., allafjafari, E., & ahmadi, M. (2023). The effect of e-satisfaction and trust on online repurchase intention through the mediation of ease of use and moderation of customers' online experience. Journal of value creating in Business Management, 3(1), 57-81. https://doi.org/10.22034/jvcbm.2023.392081.1081. [In Persian]

Rezakhani, M., Dadbeh, F. (2021). The Role of Internal Audit in Comprehensive Risk Management of Iranian Insurance Companies. Iranian Journal of Insurance Research. 36 (1): 147-172. DOI: 10.22056/JIR.2021.225992.2710. [In Persian]

Soleymani Rouzbahani, F., Hoseini, R. (2016). Study of crime and security insurance in cyberspace. International Conference on Modern Research’s in Management, Economic & Accounting. Kualalampur- Malaysia. MRMEA02_203. [In Persian], http://dx.doi.org/10.1145/2857546.2857615.

Tonn, G., Kesan, J.P., Zhang, L., Czajkowski, J. (2019). Cyber risk and insurance for transportation infrastructure. Transport policy. 79: 103-114. https://doi.org/10.1016/j.tranpol.2019.04.019

Tsohou, A., Diamantopoulou, V., Gritzalis, S. et al. Cyber insurance: state of the art, trends and future directions. Int. J. Inf. Secur. 22, 737–748 (2023). https://doi.org/10.1007/s10207-023-00660-8

Uuganbayar, G., Yautsiukhin, A., Martinelli, F, (2020). Optimisation of cyber insurance coverage with selection of cost effective security controls. Journal Pre-proof. 101: 139-156. https://doi.org/10.1016/j.cose.2020.102121

Wang, S., (2019). Integrated framework for information security investment and cyber insurance. Pacific-Basin Finance Journal. 57: 122-145. https://doi.org/10.1016/j.pacfin.2019.101173

Wanchun, D., Wenda, T., (2018). An Insurance Theory Based Optimal Cyber-Insurance Contract Against Moral Hazard. Journal Pre-proof. 527: 105-152. https://doi.org/10.1016/j.ins.2018.12.051.