Automation of standardized cyber insurance processes

Authors

  • Mykola Khudyntsev Candidate of Physical and Mathematic Science, Associated Professor, The Institute of Telecommunications and Global Information Space of the National Academy of Sciences of Ukraine, Kyiv, Ukraine https://orcid.org/0000-0002-9324-6901
  • Oleksii Khomenko Postgraduate, The Institute of Telecommunications and Global Information Space of the National Academy of Sciences of Ukraine, Kyiv, Ukraine https://orcid.org/0009-0007-4866-8244

DOI:

https://doi.org/10.32347/2411-4049.2025.2.143-153

Keywords:

cyber insurance, information security, automation, cyber risks

Abstract

The study aims to develop a cyber insurance model that includes the main requirements of international regulatory documents and provides for the automation of individual processes of cyber insurance.
The objectives of the study are to analyze existing standards, business processes of insurance of operational risks in cyberspace, means of automating insurance processes, forming a profile of cyber risks in the national cybersecurity system, critical information infrastructure, studying cyber insurance algorithms for their further automation, and substantiating the use of individual automation tools in practical activities.
The work contains a review of existing standards and processes of insurance of operational risks in cyberspace (cyber insurance) and an analysis of cyber insurance processes using information technologies. The state of the regulatory framework of cyber insurance in Ukraine is briefly analyzed. The cyber insurance processes provided for by the International Standard ISO / IEC 27102 Information Security Management – Guidelines for Cyber Insurance are studied in detail. Separate means of automating cyber insurance processes are also considered, and approaches to optimizing their use within the framework of a risk-based approach to the profile of risks in cyberspace (cyber risks) are proposed.
Analysis of cyber insurance and other preventive methods of reducing risks and the negative impact of threats in cyberspace indicates an unsatisfactory state of using such instruments in critical information infrastructure.
The work substantiates and proposes a systemized set of cyber insurance processes for effective automation of these processes and further practical application in the design tasks of relevant automated (information and communication) systems.
The results obtained can be used in cyber insurance scenarios and algorithms.

References

Marotta, A., Martinelli, F., Nanni, S., Orlando, A., & Yautsiukhin, A. (2017). Cyber-insurance survey. Comput. Sci. Rev., 24, 35-61. https://www.semanticscholar.org/paper/ Cyber-insurance-survey-Marotta-Martinelli/ad6b9bb3ff08415901a0915ba4f1e5881fa3857e

Nebolsina, E. V. (2024). Prospects for the US Cyber Insurance Market in Response to New Challenges. Society: Politics, Economics, Law (in Ukrainian). [Небольсіна, Є. В. (2024). Перспективи ринку кіберстрахування США у відповідь на нові виклики. Общество: политика, экономика, право]. https://www.semanticscholar.org/paper/U.S.-Cyber-Insurance-Market-Outlook-in-Response-to-Nebolsina/3a52eb16d16b93874d80d7617f79c98c65336564

Rangu, C.M., Badea, L., Șcheau, M.C., Găbudeanu, L., Panait, I., & Radu, V. (2024). Cyber insurance risk analysis framework considerations. The Journal of Risk Finance. https://www.semanticscholar.org/paper/Cyber-insurance-risk-analysis-framework-Rangu-Badea/3128ad0b22be3684cb5a3aff7da34120475e67df

Adriko, R., & Nurse, J.R. (2024). Cybersecurity, cyber insurance and small-to-medium-sized enterprises: a systematic Review. Inf. Comput. Secur., 32, 691-710. https://www.semanticscholar.org/paper/Cybersecurity%2C-cyber-insurance-and-enterprises %3A-a-Adriko-Nurse/b0dff05f5f8746d38ade3fe07ca227545e8fcef0#citing-papers

Bace, B., Dubois, E., & Tatar, U. (2024). Resilience against Catastrophic Cyber Incidents: A Multistakeholder Analysis of Cyber Insurance. Electronics. https://www.semanticscholar.org/paper/Resilience-against-Catastrophic-Cyber-Incidents% 3A-A-Bace-Dubois/9541205d5c607870f89eefd1e42181e6b44bc453

Nobanee, H., Alodat, A.Y., Dilshad, M.N., El Sayah, A., Alas’ad, S.N., Al Shalabi, B.O., Alsadi, S.F., Al Marri, N.M., & Fiza, F.K. (2023). Mapping cyber insurance: a taxonomical study using bibliometric visualization and systematic analysis. Global Knowledge, Memory and Communication. https://www.semanticscholar.org/paper/Mapping-cyber-insurance%3A-a-taxonomical-study-using-Nobanee-Alodat/43250d49df871cfdbf7024c2a03b2c1007c55ec9

Koshkin, D. (2023). Cyber risks: Prospective Control Instruments (using the example of Cyber Insurance). Artificial societies. https://www.semanticscholar.org/paper/Cyber-risks%3A-Prospective-Control-Instruments-(using-Koshkin/58bce94470d7ada09338f49f1a 154a66d91edfc3

International Standard ISO/IEC 27102:2019(E) Information security management – Guidelines for cyber-insurance. First edition 2019-08.

European Union Agency for Network and Information Security (ENISA) (2016). Cyber Insurance: Recent Advances, Good Practices and Challenges, November 2016. https://www.enisa.europa.eu/publications/cyber-insurance-recent-advances-good-practices-and-challenges

European Insurance and Occupational Pensions Authority (EIOPA) (2019). Cyber Risk for Insurers–Challenges and Opportunities. https://www.eiopa.europa.eu/document/ download/61701869-eab9-49c7-a9ec-14d0b810f755_en?filename=Cyber%20Risk%20for %20Insurers%20-%20Challenges%20and%20Opportunities.pdf

International Association of Insurance Supervisors (IAIS) (2020). Cyber Risk Underwriting Identified Challenges and Supervisory Considerations for Sustainable Market Development, December 2020. https://www.iais.org/uploads/2022/01/201229-Cyber-Risk-Underwriting_-Identified-Challenges-and-Supervisory-Considerations-for-Sustainable-Market-Development.pdf

Privacy + Security Academy. (2021). Cyber liability insurance buying guide 2021. Privacy + Security Academy. https://www.privacysecurityacademy.com/wp-content/uploads/2024/05/Cyber-Liability-Insurance-Buying-Guide-2021.pdf

Prudential Regulation Authority (2016). Cyber insurance underwriting risk: Consultation Paper CP39/16 (November), Bank of England, London. https://www.bankofengland.co.uk/pra/Documents/publications/cp/2016/cp3916.pdf

Organisation for Economic Co-operation and Development (OECD). (2017). Enhancing the role of insurance in cyber risk management. OECD Publishing. https://www.oecd.org/content/dam/oecd/en/publications/reports/2017/12/enhancing-the-role-of-insurance-in-cyber-risk-management_g1g82a47/9789264282148-en.pdf

Professional Risk Underwriting Pty Ltd (2021). ProRisk Cyber & Privacy Liability Insurance Policy v04.21. https://www.prorisk.com.au/siteassets/documents/policy-wordings/prorisk-cyber-privacy-liability-insurance-policy-v04.21.pdf

Philadelphia Insurance Companies (2021). Cyber security liability policy form (Form 36-8835). https://www.phly.com/files/Cyber%20Security%20Liability%20Policy%20Form36-8835.pdf

Royal & Sun Alliance Insurance plc (2018). Cyber Risk Insurance Policy. https://static.rsagroup.com/rsa/commercial-insurance-products/cyber/cyber-risk-insurance-policy-wording.pdf

Klapkiv, Yu.M. (2020). Insurance Services Market: Conceptual Principles, Technical Innovations and Development Prospects: Monograph. Ternopil: TNEU (in Ukrainian). [Клапків Ю.М. Ринок страхових послуг: концептуальні засади, технічні інновації та перспективи розвитку: монографія. Тернопіль: ТНЕУ].

Lashchyk, I., Kondrat, I., Viblyy, P., & Bilets, V. (2020). Insurance market of Ukraine: current state and development prospects. Galician Economic Bulletin, 5 (66), 105–112 (in Ukrainian). [Лащик, І., Кондрат, І., Віблий, П., Білець, В. (2020). Страховий ринок України: сучасний стан та перспективи розвитку. Галицький економічний вісник, 5 (66), 105–112].

Marina, A.S., Petsenko, M.V. (2023). Insurance market of Ukraine in wartime. Digital economy and economic security, 5 (05), 44–51 (in Ukrainian). [Марина, А.С., Пеценко, М.В. (2023). Страховий ринок України в умовах війни. Цифрова економіка та економічна безпека, № 5 (05), 44–51]. https://doi.org/10.32782/dees.5-7

Korman, I., Semenda, O., & Makushok, O. (2024). Marketing research of the Ukrainian insurance market. Kyiv Economic Scientific Journal, (4), 119-126 (in Ukrainian). [Корман, І., Семенда, О., & Макушок, О. (2024). Маркетингове дослідження українського ринку страхових послуг. Київський економічний науковий журнал, (4), 119-126]. https://doi.org/10.32782/2786-765X/2024-4-17

Adriko, R., & Nurse, J.R. (2024). Cybersecurity, cyber insurance and small-to-medium-sized enterprises: a systematic Review. Inf. Comput. Secur., 32, 691-710. https://kar.kent.ac.uk/105932/1/ICS-2024-CyberInsurance-Security-AN.pdf

McGregor, R., Reaiche, C., Boyle, S., & Zubielqui, G.C. (2023). Cyberspace and Personal Cyber Insurance: A Systematic Review. Journal of Computer Information Systems, 64, 157-171. https://www.semanticscholar.org/paper/Cyberspace-and-Personal-Cyber-Insurance% 3A-A-Review-Mcgregor-Reaiche/adec9dbb542cec686ca77c49094355f215755b54

Khudintsev, M.M., Zhilin, A.V., Davydyuk, A.V. (2021). World Cybersecurity Indices: Overview and Methods of Formation (Global Report / Catalog). Kyiv: International University of Cybersecurity, Institute of Modeling Problems in Energy named after G.E. Pukhov NAS of Ukraine (in Ukrainian). [Худинцев, М.М., Жилін, А.В., Давидюк, А.В. (2021). Світові індекси кібербезпеки: огляд та методики формування (Глобальний звіт / Каталог). Київ: Міжнародний університет кібербезпеки, Інститут проблем моделювання в енергетиці ім. Г.Є. Пухова НАН України]. ISBN 978-966-136-887-2.

Federal Trade Commission (FTC) (2024). Cyber insurance. https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/cyber-insurance

European Union Agency for Cybersecurity (ENISA) (2024). Cyber Insurance – Models and methods and the use of AI. https://www.enisa.europa.eu/publications/cyber-insurance-models-and-methods-and-the-use-of-ai

National Institute of Standards and Technology. (2022). Framework for Cybersecurity Risk Management (NIST CSWP 29). U.S. Department of Commerce. https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf

National Cyber Security Centre (2025). Cyber essentials resources. https://www.ncsc.gov.uk/cyberessentials/resources#section_3

Downloads

Published

2025-06-20

How to Cite

Khudyntsev, M., & Khomenko, O. (2025). Automation of standardized cyber insurance processes. Environmental Safety and Natural Resources, 54(2), 143–153. https://doi.org/10.32347/2411-4049.2025.2.143-153

Issue

Vol. 54 No. 2 (2025): Environmental safety and natural resources

Section

Information technology and mathematical modeling

License

Copyright (c) 2025 М.М. Худинцев, О.А. Хоменко

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The journal «Environmental safety and natural resources» works under Creative Commons Attribution 4.0 International (CC BY 4.0).

The licensing policy is compatible with the overwhelming majority of open access and archiving policies.