Data Breach, Privacy and Cyber Insurance

How Insurance Companies Act as “Compliance Managers” for Businesses
Seminar with Shauhin Talesh, June 26th, 12:30 pm-2:30 pm
  • ©Arthimedes/shutterstocks©Arthimedes/shutterstocks

Data Breach, Privacy and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses

Séminaire organisé par le LIEPP 

Monday June 26th 2017, 12:30 pm - 2:30 pm

LIEPP Seminar Room

1st floor, 254 bvd Saint-Germain

75007 Paris

Free entry with limited seating (Sandwich lunch will be offered)

Please click on this link to register

Shauhin Talesh  


Professor Talesh is an interdisciplinary scholar whose work spans law, sociology, and political science. His research interests include the empirical study of law and business organizations, dispute resolution, consumer protection, insurance, and the relationship between law and social inequality. Professor Talesh’s most recent empirical study addresses the intersection between organizations, risk, and consumer protection laws, focusing on private organizations' responses to and constructions of laws designed to regulate them, consumers' mobilization of their legal rights and the legal cultures of private organizations. Professor Talesh’s scholarship has appeared in multiple law and peer-reviewed social science journals including Law and Society Review and has won multiple awards in Sociology, Political Science and Law & Society.


Abstract of the paper :

While data theft and cyber risk are some of the biggest threats facing organizations, existing research suggests that the majority of organizations do not have sufficient protections in place to prevent data breach events, deal with post-breach notification responsibilities, and comply with various privacy laws. This article explores how insurance companies play a critical and as yet, unrecognized role in assisting organizations in complying with privacy laws and dealing with cyber theft.  My analysis draws from and contributes to two literatures that examine organizational compliance with law in different ways:  new institutional organizational sociology studies of how organizations respond to legal regulation and socio-legal insurance scholars’ research on how institutions govern through risk.  Through participant observation at cyber liability insurance conferences, interviews, and content analysis of insurer loss prevention manuals and risk management services, my study bridges these two literatures and highlights how the insurance field acts as a compliance manager for organizations dealing with cyber security threats.  Well beyond pooling and transferring risk, insurance companies offer cyber insurance and a series of unique risk-management services that influence the form of compliance of organizations dealing with privacy laws. My data reveal that insurance institutions — and the risk management services that accompany cyber liability insurance — play an important role in shaping the way organizations deal with cyber threats and comply with privacy laws.