Journal of Information System and Technology Auditing

Journal of Information System and Technology Auditing

A Systemic Analysis of Barriers to Cyber Insurance Adoption by Businesses: A Delphi–DEMATEL Approach

Document Type : Original Article

Authors
Ali Sibevei 1
Mostafa Niazy 2
Reza Morshedzadeh 2
1 Assistant Professor, Faculty of Agriculture, University of Torbat Heydarieh, Torbat Heydarieh, Iran
2 M.Sc., Faculty of Industrial Engineering and Management, Shahrood University of Technology, Shahrood, Iran
10.22034/jista.2026.569359.1078
Abstract
Despite the severity and growing pervasiveness of cyber threats, the uptake of cyber insurance in Iran remains sluggish. This applied study adopts a systemic perspective to identify the main barriers to adoption and map their causal interrelationships. The research employs a mixed-methods design. A systematic literature review initially yielded fifteen potential barriers, which were subsequently reduced to ten key obstacles through a Delphi panel of experts. In the quantitative phase, the classical DEMATEL method and pairwise expert judgments were used to compute influence indices and construct a causal network. The findings reveal that the sufficiency and quality of incident and loss data constitute the core of the barrier network and are strongly shaped by upstream factors such as the level of institutional and governmental engagement, the capacity of the reinsurance market, clarity around coverage boundaries, especially regarding war and governmental actions, and inconsistencies in regulations and standards. Two context-specific barriers, namely the perceived risk of information disclosure and sanctions-related constraints on technical and reinsurance access, further differentiate the Iranian market and amplify behavioral and operational frictions on both the insurer and insured sides. Building on the feedback-rich causal map, the study proposes a policy package centered on controlled data sharing and greater transparency, regulatory and standard alignment, and enhanced financial and reinsurance capacity, alongside redesigned coverages, closer alignment with defensive controls, and improved post-incident services to strengthen trust and foster wider adoption of cyber insurance.
Keywords
Cyber Insurance
Systems Approach
DEMATEL
Delphi Method
Adriko, R., & Nurse, J. R. (2024a). Cybersecurity, cyber insurance and small-to-medium-sized enterprises: a systematic Review. Information & Computer Security32(5), 691-710. https://doi.org/10.1108/ICS-01-2024-0025
Adriko, R., & Nurse, J. R. (2024b). Does cyber insurance promote cyber security best practice? an analysis based on insurance application forms. Digital Threats: Research and Practice5(3), 1-39. https://doi.org/10.1145/3676283
Allianz, S.E. (2025). Allianz Risk Barometer 2025: Identifying the major business risks for 2025. Allianz Global Corporate & Specialty. Retrieved February 23, 2026, from https://commercial.allianz.com/news-and-insights/reports/allianz-risk-barometer.html
Amani, F., Magnan, M., & Moldovan, R. (2025). Cybersecurity Risks and Incidents Disclosure: A Literature Review. Accounting Perspectives24(3), 605-667. https://doi.org/10.1111/1911-3838.12411
AXA. (2025). AXA Future Risks Report 2025. Retrieved February 23, 2026, from https://www.axa.com/en/news/future-risks-report?tab=future-risks-report-2025
Bace, B., Dubois, E., & Tatar, U. (2024). Resilience against Catastrophic Cyber Incidents: A Multistakeholder Analysis of Cyber Insurance. Electronics13(14), 2768. https://doi.org/10.3390/electronics13142768
Ballestra, L. V., D'Amato, V., Fersini, P., Forte, S., & Greco, F. (2024). Pricing Cyber Insurance: A Geospatial Statistical Approach. Applied Stochastic Models in Business and Industry40(5), 1365-1376. https://doi.org/10.1002/asmb.2891
Banerjee, S., & Das, S. (2024). Analyzing the Critical Challenges of Cyber Insurance Market: A Fuzzy DEMATEL Approach. In Proceedings of the International Conference on Industrial Engineering and Operations Management. https://doi.org/10.46254/EU07.20240258
Bardopoulos, J. (2025). Cyber-insurance pricing models. British Actuarial Journal30, e6. https://doi.org/10.1017/S1357321724000205
Boonen, T. J., Feng, Y., & Tong, Z. (2025). Cybersecurity investments and cyber insurance purchases in a non-cooperative game. ASTIN Bulletin: The Journal of the IAA55(2), 426-448. https://doi.org/10.1017/asb.2024.40
Carannante, M., & Mazzoccoli, A. (2025). An Analytical Review of Cyber Risk Management by Insurance Companies: A Mathematical Perspective. Risks13(8), 144. https://doi.org/10.3390/risks13080144
Cimbru, I., Wagner, J., & Zeier Röschmann, A. (2025). On IoT‐enabled risk prevention and insurance: A systematic literature review. Risk Management and Insurance Review. https://doi.org/10.1111/rmir.70025
Clemente, G. P., Cornaro, A., & Belvedere, S. (2025). Pricing Cyber Risk Insurance Coverages by Means of Epidemic Models and Network Theory. Variance18. https://variancejournal.org/article/74729-pricing-cyber-risk-insurance-coverages-by-means-of-epidemic-models-and-network-theory
Cremer, F., Sheehan, B., Mullins, M., Fortmann, M., Materne, S., & Murphy, F. (2024). Enhancing cyber insurance strategies: exploring reinsurance and alternative risk transfer approaches. Journal of Cybersecurity10(1), tyae027. https://doi.org/10.1093/cybsec/tyae027
Cremer, F., Sheehan, B., Mullins, M., Fortmann, M., Ryan, B. J., & Materne, S. (2024). On the insurability of cyber warfare: An investigation into the German cyber insurance market. Computers & Security, 142, 103886. https://doi.org/10.1016/j.cose.2024.103886
Cybersecurity Ventures. (2025). Cyberwarfare in the C-Suite 2025. Retrieved February 23, 2026, from https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/?hl=en-US
Eling, M., & Jung, K. (2025). Optimism bias and its impact on cyber risk management decisions. Risk Sciences1, 100001. https://doi.org/10.1016/j.risk.2024.100001
Fattahi Zafarghandi, S. (2023). A comparative study of cyber insurance laws. Proceedings of the 1st International Conference on Law, Management, Educational Sciences, Psychology, and Educational Planning Management. https://civilica.com/doc/1877044 (in Persian)
Gómez, Y., Branley-Bell, D., Briggs, P., & Vila, J. (2025). Cyberinsurance adoption strategies and security of online behaviour: an experimental study. Behaviour & Information Technology44(6), 1169-1182. https://doi.org/10.1080/0144929X.2025.2467891
Hamid, N. H. A. A., Mokhtar, M., Abd Manan, W. K. A. W., & Hashim, H. (2025). Exploring Critical Success Factors in Compliance-Driven Cyber Insurance within Malaysian Organizations: A COBIT 5 enabler approach. Environment-Behaviour Proceedings Journal10(SI31), 77-84. https://doi.org/10.21834/e-bpj.v10iSI31.6936
Harel, Y., & Carmeli, A. (2025). A strategic cybersecurity oversight framework: a board’s imperative. Journal of Cybersecurity, 11(1), tyaf021. https://doi.org/10.1093/cybsec/tyaf021
Hasanpour, M., & Oloukhani, N. (2021). Identification and prioritization of challenges facing cyber insurance in Iran. Proceedings of the 28th Insurance and Development Conference. https://civilica.com/doc/1390777 (in Persian)
He, Q., Faure, M., & Chen, C. Y. (2025). Insuring the “uninsurable” cyberwarfare: rethinking war exclusions in cyber policies and the role of insurance in global cybersecurity governance. The Geneva Papers on Risk and Insurance-Issues and Practice, 1-32. https://doi.org/10.1057/s41288-025-00346-3
Hui, W., Hui, K. L., & Yue, W. T. (2024). Cyber Insurance and Post-Breach Services: A Normative Analysis. Service Science16(2), 124-141. https://doi.org/10.1287/serv.2021.0120
Jain, R., Hrle, T., & Woods, D. W. (2025). Insurance versus digital harm: a content analysis of home and cyber insurance policies in the USA and UK. Journal of Cybersecurity11(1), tyae031. https://doi.org/10.1093/cybsec/tyae031
Joshi, C., Slapničar, S., Yang, J., & Ko, R. K. (2025). Contrasting the optimal resource allocation to cybersecurity controls and cyber insurance using prospect theory versus expected utility theory. Computers & Security154, 104450. https://doi.org/10.1016/j.cose.2025.104450
Lefèvre, C., Tamturk, M., Utev, S., & Carenzo, M. (2024). Cyber Risk in Insurance: A Quantum Modeling. Risks12(5), 83. https://doi.org/10.3390/risks12050083
Li, Y., Wang, X., Zhao, P., & Hu, T. (2025). Cyber breach risk modeling for insurance: capturing temporal and cross-group dependence. Annals of Actuarial Science, 1-25. https://doi.org/10.1017/S1748499525100109
Mott, G., Turner, S., Nurse, J. R., MacColl, J., Sullivan, J., Cartwright, A., & Cartwright, E. (2023). Between a rock and a hard (ening) place: Cyber insurance in the ransomware era. Computers & Security128, 103162. https://doi.org/10.1016/j.cose.2023.103162
Muktadir-Al-Mukit, D., & Ali, M. H. (2025). The dynamics of stock market responses following the cyber-attacks news: Evidence from event study. Information Systems Frontiers, 1-18. https://doi.org/10.1007/s10796-025-10639-6
Nobitex. (2025). Nobitex hack: CEO answers users’ questions [Web page]. Retrieved February 23, 2026, from https://nobitex.ir/mag/nobitex-hack/
Piralou, M., Danakhoo, H., & Ameri Siahuei, H. (2025). Challenges of cyber insurance. Proceedings of the 5th International Conference on Advanced Research in Management and Humanities. https://civilica.com/doc/2325794  (in Persian)
Puteri, N. K., Kusnadi, F., & Kristiani, F. (2025). Cybersecurity Insurance Modeling Using Archimedean Copulas. Science & Technology Asia, 177-188. https://doi.10.14456/scitechasia.2025.11
Sadeghi, A., & Asghari Eskouei, M. R. (2021). A review of risk estimation models in cyber insurance. Proceedings of the 28th Insurance and Development Conference. https://civilica.com/doc/1390872 (in Persian)
Schütz, F., Rampold, F., Kalisch, A., & Masuch, K. (2023). Consumer cyber insurance as risk transfer: a coverage analysis. Procedia Computer Science219, 521-528. https://doi.org/10.1016/j.procs.2023.01.320
Skeoch, H. R., & Ioannidis, C. (2024). The barriers to sustainable risk transfer in the cyber-insurance market. Journal of Cybersecurity10(1), tyae003. https://doi.org/10.1093/cybsec/tyae003
Tsohou, A., Diamantopoulou, V., Gritzalis, S., & Lambrinoudakis, C. (2023). Cyber insurance: state of the art, trends and future directions. International Journal of Information Security22(3), 737-748. https://doi.org/10.1007/s10207-023-00660-8
Woods, D. W., & Wolff, J. (2025). A history of cyber risk transfer. Journal of Cybersecurity, 11(1), tyae028. https://doi.org/10.1093/cybsec/tyae028
World Bank. (2025). GDP (current US$) – China [NY.GDP.MKTP.CD]. World Development Indicators. Retrieved from https://data.worldbank.org/indicator/NY.GDP.MKTP.CD?locations=CN
Zhao, A. P., Fei, F. X., & Alhazmi, M. (2024). Cyber Insurance for Energy Economic Risks. Smart Cities (2624-6511)7(4). https://doi.org/10.3390/smartcities7040081
Zhao, A. P., Gu, C., Bao, Z., Cheng, X., & Alhazmi, M. (2025). Optimizing Cyber Insurance and Defense for Multi‐Energy Systems Under False Data Injections. IET Renewable Power Generation19(1), e70011. https://doi.org/10.1049/rpg2.70011
Journal of Information System and Technology Auditing
Volume 1, Issue 2 - Serial Number 2
September 2026
Pages 199-219

  • Receive Date 29 December 2025
  • Accept Date 24 February 2026
  • Publish Date 23 September 2025