Paper Info
Title
Designing cyber insurance policies in the presence of security interdependence
Abstract
Cyber insurance is a method for risk transfer but may or may not improve the state of network security. In this work, we consider a profit-maximizing insurer with voluntarily participating insureds. We are particularly interested in two features of cybersecurity and their impact on the contract design problem. The first is the interdependent nature of cybersecurity, whereby one entity's state of security depends on its own effort and others' effort. The second is our ability to perform accurate quantitative assessment of security posture at a firm level by combining recent advances in Internet measurement and machine learning techniques. We observe that security interdependency leads to a "profit opportunity" for the insurer, created by the inefficient effort levels exerted by agents who do not account for risk externalities when insurance is not available; this is in addition to risk transfer that an insurer profits from. Security pre-screening allows the insurer to take advantage of this opportunity by designing appropriate contracts which incentivize agents to increase their effort levels, allowing the insurer to effectively "sell commitment" to interdependent agents, in addition to risk transfer. We identify conditions under which this type of contracts lead to an improved state of network security.
Year
Venue
DocType
2017
NetEcon@EC
Conference
ISBN
Citations 
PageRank 
978-1-4503-5089-1
0
0.34
References 
Authors
0
3
Name
Order
Citations
PageRank
Mohammad Mahdi Khalili1215.19
Parinaz Naghizadeh2439.38
Mingyan Liu313.44