TY - CHAP
T1 - "Why would money protect me from cyber bullying?"
T2 - A Mixed-Methods Study of Personal Cyber Insurance
AU - Jain, Rachiyta
AU - Hrle, Temima
AU - Marinetti, Margherita
AU - Jenkins, Adam
AU - Böhme, Rainer
AU - Woods, Daniel
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Individuals can become victims of security incidents, privacy violations, online scams, and social media abuse. In addition to prevention, users should create response strategies in case misfortune strikes. To better understand response to digital harm, we conducted the first study of personal cyber insurance in the US and the UK. We explored the supply-side via a content analysis of 24 cyber insurance policies. The results show personal cyber insurance compensates security, privacy and fraud incidents, with a slim majority also covering cyberbullying. Comparing these results to prior work, we find that coverage in the US and UK has significant differences to coverage in Germany. We study the demand-side via a survey distributed to 584 participants with an even US/UK split. Just 1.6% of respondents have cyber coverage and 8.5% are aware of the product. We introduce the concepts of risk uncertainty and coverage uncertainty, finding both are prevalent for personal cyber insurance. Studying coverage uncertainty, we discover a gap between insurers and participants, which is broadest for online fraud and narrowest for identity theft and cyber-bullying. Turning to risk uncertainty, we discovered that in the aggregate users are relatively well calibrated regarding the frequency of different incidents. Individuals estimate that fraud incidents have the greatest impact, followed by security and privacy incidents. Cyberbullying has very low estimated impact. Regarding purchasing a policy, participants raised uncertainties about contractual details, reporting requirements, victimization statistics, and access to security solutions.
AB - Individuals can become victims of security incidents, privacy violations, online scams, and social media abuse. In addition to prevention, users should create response strategies in case misfortune strikes. To better understand response to digital harm, we conducted the first study of personal cyber insurance in the US and the UK. We explored the supply-side via a content analysis of 24 cyber insurance policies. The results show personal cyber insurance compensates security, privacy and fraud incidents, with a slim majority also covering cyberbullying. Comparing these results to prior work, we find that coverage in the US and UK has significant differences to coverage in Germany. We study the demand-side via a survey distributed to 584 participants with an even US/UK split. Just 1.6% of respondents have cyber coverage and 8.5% are aware of the product. We introduce the concepts of risk uncertainty and coverage uncertainty, finding both are prevalent for personal cyber insurance. Studying coverage uncertainty, we discover a gap between insurers and participants, which is broadest for online fraud and narrowest for identity theft and cyber-bullying. Turning to risk uncertainty, we discovered that in the aggregate users are relatively well calibrated regarding the frequency of different incidents. Individuals estimate that fraud incidents have the greatest impact, followed by security and privacy incidents. Cyberbullying has very low estimated impact. Regarding purchasing a policy, participants raised uncertainties about contractual details, reporting requirements, victimization statistics, and access to security solutions.
UR - http://www.scopus.com/inward/record.url?scp=105009318603&partnerID=8YFLogxK
U2 - 10.1109/SP61157.2025.00027
DO - 10.1109/SP61157.2025.00027
M3 - Conference paper
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 2264
EP - 2283
BT - Proceedings - 46th IEEE Symposium on Security and Privacy, SP 2025
A2 - Blanton, Marina
A2 - Enck, William
A2 - Nita-Rotaru, Cristina
PB - IEEE Computer Society
ER -
