In this paper, we study the law and economics of cyber risk pooling arrangements: risk sharing without an insurer. We start our discussion with the current theoretical foundations for risk shifting in cyber security. We subsequently discuss cyber risk pooling in relation to individual risk management and cyber insurance. This leads to the formulation of conditions for effective risk pooling in cyber security. We show that pooling, under some circumstances, may be more effective than cyber insurance. The main question for future research is whether risk pools in cyber security are capable of compartmentalization of risks and whether transaction costs of monitoring can be kept sufficiently low.
View graph of relations
- risk pools, risk sharing, cyber security, mutual insurance