Loss Compensation Logic and Insurance Liability Determination of Cybersecurity Loss Insurance
In modern society,the popularization and application of network communication technology has reshaped social structure and social relations,but it has also produced post-modern social risks-cybersecurity risks.Diversified governance tools such as law,technology,and market have become the core elements of current cybersecurity governance.Under the guidance of market governance,cybersecurity loss insurance has gradually received attention,and policies such as theOpinions on Promoting the Standardized and Healthy Development of Cyber Security Insurancewere released one after another.However,most of existing studies discuss issues such as risk insurability and insurance product design from an insurance perspective.In particular,there is a lack of specialized research at the legal system level on matters that are prone to legal disputes such as the scope of loss compensation for this type of insurance.Since there are no judicial cases on cybersecurity loss insurance in China,this article uses judicial cases in the United States,where cybersecurity loss insurance is relatively developed,as an argument to analyze the U.S.courts'decisions on the purpose of insurance contracts,determination of insurance liability,and determination of the scope of cybersecurity losses.In addition,this article,based on the practical characteristics of cyber security losses,compares them with the concept of loss in traditional civil law theory.From this point of view,all cyber security economic losses at the factual level do not certainly belong to the basic scope of loss compensation in insurance law.According to the basic division of"actual losses"and"reasonable expenses",the loss compensation logic followed by cybersecurity loss insurance is actually based on"limited compensation",and its ideal"supplementary"effect is to compensate for the difference in operating capacity before and after the occurrence of cybersecurity incidents and the difference in actual economic profits.Compared with existing research,this article conducts a specialized analysis of two common types of security losses-business interruption losses and cyber extortion,and makes an expanded discussion on their corresponding insurance liabilities.First,for business interruption losses,insurance liability is limited to cybersecurity failures that the insured cannot effectively handle.As business interruption losses are in the nature of profit losses,the prerequisite for cybersecurity loss insurance to compensate for such losses is that the losses are caused or expanded due to reasons within the scope of liability of the main insurance clauses.Second,for losses such as cyber extortion,the assumption of insurance liability is based on the premise that"paying the ransom is the best way to avoid the expansion of losses".Moreover,after the insured fulfills its notification obligation in a timely manner,the data to be protected by paying the ransom should be the data held hostage by the cyber extortion attack.This article reveals the compensation function of cybersecurity loss insurance for various types of cybersecurity losses,which helps to reduce legal disputes about the insurance liability clauses of this type of insurance in the practical pilot of cybersecurity loss insurance and realize the loss of cybersecurity insurance.The filling function is connected with the functions of the current cybersecurity legal system.
cybersecurity loss insurancecompensation for lossesbusiness interruption losscyber extortion
万方数据
维普
