Perceptions of corporate cyber risks and insurance decision-making

Guido De Smidt, Wouter Botzen

Research output: Contribution to JournalArticleAcademicpeer-review


This study provides an analysis of individual perceptions of cyber risks amongst professional decision makers. Data are collected using a survey of corporate professionals who are engaged in risk and insurance decision-making in various functional roles mainly in large companies. The study focuses on the perceived probability as well as the anticipated financial impact of cyber risks. Behavioural factors - the availability heuristic, threshold level of concern, degree of worry and trust in one's own organisation's capabilities - are found to have significant influences on the perceived probability and impact of cyberattacks. The probability of a successful cyberattack is overestimated, and the financial impact is underestimated. Given the high perceived expected value of cyberattack losses relative to the costs of cyber risk insurance, it appears that professional decision makers deviate from the expected value-based decision-making by being reluctant to insure for cyber risk.

Original languageEnglish
Pages (from-to)239-274
Number of pages36
JournalGeneva Papers on Risk and Insurance: Issues and Practice
Issue number2
Early online date20 Mar 2018
Publication statusPublished - Apr 2018


  • availability heuristic
  • insurance demand
  • intuitive thinking
  • risk perceptions


Dive into the research topics of 'Perceptions of corporate cyber risks and insurance decision-making'. Together they form a unique fingerprint.

Cite this