Methodological basis of cyberinsurance risk assessment
DOI:
https://doi.org/10.32347/2411-4049.2026.2.251-261
Keywords:
cyber insurance, information security, cyber risks, information security risks, cyber risks and cyber insurance maturity model
Abstract
The main objective of the study is to formulate methodological foundations for assessing cyber insurance risks. The work defines the main terms related to cyber insurance, systematizes and analyzes cyber insurance risks, and presents the objects (processes) that will be subject to automation in the future as well as cyber insurance algorithms. The objectives of the study are to determine the foundations of the methodology for assessing cyber insurance risks and cyber insurance within the framework of the proposed cyber insurance model, which considers the basic maturity levels of the main categories of participants in the insurance market of Ukraine and can be used in practical business activities.
The methodological framework includes a description of the procedure for assessing cyber insurance (cyber insurance maturity), which complies with the provisions of the International Standard ISO/IEC 27102:2019(E) Information Security Management – Guidelines for Cyber Insurance and the Regulations on the Organization of Measures to Ensure Information Security and Cyber Protection by Financial Service Providers, approved by the Resolution of the Board of the National Bank of Ukraine dated 09.12.2025 No. 143. The basis of the procedure is the assessment of the development and implementation of cyber risk management processes and information security risks, as well as measures to ensure information security and cyber protection, considering the peculiarities of the functioning of the information and communication systems of the financial service provider within the framework of a risk-based approach.
The paper proposes a hybrid model for assessing information security risks, cyber risks and cyber insurance maturity (RA&CIMM), criteria for determining risks and the level of IT maturity of the cyber insurance model, as well as the domain structure of the cyber insurance index (cyber insurance maturity).
The results obtained can be used for planning and implementing cyber insurance by financial service providers (insurance market participants), as well as for comparative analysis with other approaches and insurance models, and the domain structure of the cyber insurance index (cyber insurance maturity).
License
Copyright (c) 2026 М.М. Худинцев, О.А. Хоменко, О.А. Клименков

This work is licensed under a Creative Commons Attribution 4.0 International License.
The journal «Environmental safety and natural resources» works under Creative Commons Attribution 4.0 International (CC BY 4.0).
The licensing policy is compatible with the overwhelming majority of open access and archiving policies.