Date of Award

Spring 2021

Degree Type



Moore School of Business

Director of Thesis

Robert Hartwig

Second Reader

Gregory Niehaus


Insurance and hedging instruments can help corporations manage many of the operational and financial risks they face. Yet, additional complexities are introduced now that many risks are increasingly interdependent and thus strongly correlated, making them more challenging to manage. Few risks illustrate this challenge better than cyber risk.

This thesis will focus on the increasing attention that the management of cyber risks receives in corporations, institutions and industries, and the role that insurance and risk management strategies play in mitigating this risk. The decision to focus on cyber risks—and the financing and management of those risks—is directly related to the exponential increase in cyber threats throughout the global economy. Thirty years ago, few would have predicted the magnitude of damage that cyber-attacks would routinely inflict upon organizations of all sizes—with the potential for far more severe losses looming ever larger. The rapid evolution and escalation of cyber threats—along with their ubiquitous nature—has led to a comprehensive reassessment of how organizations manage risks of all types. Insurers have been meeting the changing risk management needs of these organizations through innovations in product design, which now commonly include elements of loss control and post-event mitigation—in addition to traditional loss financing.

This thesis begins with a historical review of cyber threats and proceeds to examine the varied nature of cyber threats impacting several key industries. Data on major attacks for each industry examined in this thesis were researched, collected and analyzed, and are displayed in the database included in the appendix to this paper. For the discussion of early-stage cyber threats, I will trace the evolution of cyber threats from relatively simplistic denial-of-service attacks, to early computer viruses, to phishing emails, and to the multiplicity of sophisticated threats seen today, such as ransomware. The objective is to provide those who are unfamiliar with cyber risk (i.e., students or other professionals) with an increased awareness of the threats, as well as an understanding of how organizations can mitigate such threats.

First Page


Last Page


Included in

Insurance Commons