Data Breach, Privacy, and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses

IF 1.4 2区社会学 Q1 LAW Law and Social Inquiry-Journal of the American Bar Foundation Pub Date : 2017-05-19 DOI:10.1111/lsi.12303

Shauhin A. Talesh

{"title":"Data Breach, Privacy, and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses","authors":"Shauhin A. Talesh","doi":"10.1111/lsi.12303","DOIUrl":null,"url":null,"abstract":"<p>While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars' research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.</p>","PeriodicalId":47418,"journal":{"name":"Law and Social Inquiry-Journal of the American Bar Foundation","volume":"43 2","pages":"417-440"},"PeriodicalIF":1.4000,"publicationDate":"2017-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1111/lsi.12303","citationCount":"51","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Law and Social Inquiry-Journal of the American Bar Foundation","FirstCategoryId":"90","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1111/lsi.12303","RegionNum":2,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}

引用次数: 51

Abstract

While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars' research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

数据泄露、隐私和网络保险:保险公司如何作为企业的“合规经理”

虽然数据盗窃和网络风险是组织面临的主要威胁，但现有研究表明，大多数组织没有足够的保护措施来防止数据泄露，处理通知责任，并遵守隐私法。本文探讨了保险公司如何在协助组织遵守隐私法和处理网络盗窃方面发挥关键但尚未被认识到的作用。我的分析借鉴并促成了两篇关于组织合规的文献:关于组织如何应对法律监管的新制度组织社会学研究，以及社会法律保险学者关于机构如何通过风险进行治理的研究。通过对会议的参与观察、访谈以及对保险公司手册和风险管理服务的内容分析，我的研究突出了保险公司如何在处理网络安全威胁的组织中扮演合规经理的角色。除了集中和转移风险之外，保险公司还提供网络保险和独特的风险管理服务，这些服务会影响组织遵守隐私法的方式。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Law and Social Inquiry-Journal of the American Bar Foundation LAW-

CiteScore

2.10

自引率

0.00%

发文量