Some error occured while loading the Quick View. Please close the Quick View and try reloading the page.
A free ebook version of this title is available through Luminos, University of California Press’s Open Access publishing program. Visit www.luminosoa.org to learn more.
Despite the massive costs associated with data breaches, ransomware, viruses, and cyberattacks, most organizations remain thoroughly unprepared to safeguard consumer data. Over the past two decades, the insurance industry has begun offering cyber insurance to help organizations manage cybersecurity and privacy law compliance, while also offering risk management services as part of their insurance packages. These insurers have thus effectively evolved into de facto regulators—yet at the same time, they have failed to effectively curtail cybersecurity breaches. Drawing from interviews, observations, and extensive content analysis of the cyber insurance industry, this book reveals how cyber insurers' risk management services convey legitimacy to the public and to insureds but fall short of actually improving data security, rendering them largely symbolic. Speaking directly to broader debates on regulatory delegation to nonstate actors, Shauhin A. Talesh proposes a new institutional theory of insurance to explain how insurers shape the content and meaning of privacy law and cybersecurity compliance, offering policy recommendations for how insurers and governments can work together to improve cybersecurity and foster greater algorithmic justice.
Despite the massive costs associated with data breaches, ransomware, viruses, and cyberattacks, most organizations remain thoroughly unprepared to safeguard consumer data. Over the past two decades, the insurance industry has begun offering cyber insurance to help organizations manage cybersecurity and privacy law compliance, while also offering risk management services as part of their insurance packages. These insurers have thus effectively evolved into de facto regulators—yet at the same time, they have failed to effectively curtail cybersecurity breaches. Drawing from interviews, observations, and extensive content analysis of the cyber insurance industry, this book reveals how cyber insurers' risk management services convey legitimacy to the public and to insureds but fall short of actually improving data security, rendering them largely symbolic. Speaking directly to broader debates on regulatory delegation to nonstate actors, Shauhin A. Talesh proposes a new institutional theory of insurance to explain how insurers shape the content and meaning of privacy law and cybersecurity compliance, offering policy recommendations for how insurers and governments can work together to improve cybersecurity and foster greater algorithmic justice.
Price: $34.95
Pages: 276
Publisher: University of California Press
Imprint: University of California Press
Publication Date:
19 August 2025
Trim Size: 8.50 X 5.50 in
ISBN: 9780520401501
Format: Paperback
BISACs:
Shauhin A. Talesh is Professor of Law and Professor of Sociology and Criminology, Law and Society at the University of California, Irvine.
Contents
Acknowledgments
Part I. The Interplay Between Insurance Institutions, Law, and Cybersecurity
1. Introduction
2. A New Institutional Theory of Insurance
Part II. Insurance Companies as Regulators
3. The Influence of Technology and Big Data on Cyber Insurance
4. The Effects and Implications of the Technologization of Insurance
5. Cyber Insurance Risk Management: Ineffective, Symbolic Regulatory Interventions
6. How Cyber Insurers and Managed Security Companies Influence the Meaning of Privacy Law
Part III. Policy Reforms and Pathways Forward
7. What Can Be Done? Policy Reforms and Pathways Forward for Cyber Insurers and Governments
8. Symbolic Regulation and Insurer Influence on Private Organizations and Public Law
Notes
Bibliography
Index
Acknowledgments
Part I. The Interplay Between Insurance Institutions, Law, and Cybersecurity
1. Introduction
2. A New Institutional Theory of Insurance
Part II. Insurance Companies as Regulators
3. The Influence of Technology and Big Data on Cyber Insurance
4. The Effects and Implications of the Technologization of Insurance
5. Cyber Insurance Risk Management: Ineffective, Symbolic Regulatory Interventions
6. How Cyber Insurers and Managed Security Companies Influence the Meaning of Privacy Law
Part III. Policy Reforms and Pathways Forward
7. What Can Be Done? Policy Reforms and Pathways Forward for Cyber Insurers and Governments
8. Symbolic Regulation and Insurer Influence on Private Organizations and Public Law
Notes
Bibliography
Index