While advances in information technology and interconnectivity have improved efficiency for transportation infrastructure, they have also created higher risk associated with cyber systems. The objective of this study is to inform transportation policy and management in the U.S. by identifying barriers to a robust cyber insurance market and improved cyber resilience for transportation infrastructure. This is accomplished through a mixed-methods approach involving analysis of U.S. cyber incident data for transportation systems and a series of interviews with transportation infrastructure managers and insurers. Contributions include new insights into the nature of cyber risk for transportation infrastructure and recommendations on research needs to improve cyber risk management and insurance. Results indicate that the annual number of transport-related companies affected by cyber incidents and the associated costs are on the rise. The most common incidents involve data breaches, while incidents involving privacy violation have the highest average loss per incident. Cyber risk assessment, mitigation and security measures, and insurance are being implemented to varying degrees in transportation infrastructure systems but are generally inadequate. Infrastructure managers do not currently have the tools to rigorously assess and manage cyber risk. Limited data and models also inhibit the accurate modeling of cyber risk for insurance purposes. Even after improved tools and modeling are developed, insurance purchase can be an important risk management strategy to allow transportation infrastructure systems to recover from cyber incidents.
- Cyber insurance
- Transportation infrastructure
ASJC Scopus subject areas
- Geography, Planning and Development