Insurance as a Private Sector Regulator and Promoter of Security and Safety: Case Studies in Governing Emerging Technological Risk From Commercial Nuclear Power to Health Care Sector Cybersecurity


Insurance has been described as “a technology of governance beyond the state” (Ericson et al. p. 33). This dissertation will explore how both public and private insurance mechanisms can govern emerging technological risks by regulating and incentivizing private-sector security and safety behavior. Specifically, this study will seek to explain how insurance - an economic device for equitably transferring the risk of a loss, from one entity to another - can drive risk management and protection improvements at firms who acquire coverage. To answer this question, this study will use case studies to examine the role that insurance has played in managing and enhancing safety and security in three emerging technological risk regimes including commercial nuclear power, environmental pollution, and healthcare sector cybersecurity. It utilizes a mixed-methods multiple comparative case study approach to explore the key research question: “How can insurance promote better safety in emerging technological regimes?” Both qualitative and quantitative evidence is presented including a new comprehensive database - the Healthcare Cyber Attacks Database (HCAD) - documenting over 5600 breaches against healthcare entities and sub-entities over the period 2005 to 2021. The key finding derived from this evidence supports the main hypothesis that “Insurance can improve the safety posture of firms engaged in emerging technologies.”



Cyber Insurance, Environmental Insurance, Insurance, Nuclear Insurance, Risk Management