Modeling Cyber-Insurance: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 15: Line 15:
==Key Words==
==Key Words==


[[Cyber-Insurance]], [[Risk Assessment]]
[[Cyber-Insurance]], [[Risk Assessment]]


==Synopsis==
==Synopsis==


 
We propose a comprehensive formal framework to classify all market models
of cyber-insurance we are aware of. The framework features a common terminology
and deals with the specific properties of cyber-risk in a unified way: interdependent
security, correlated risk, and information asymmetries. A survey of
existing models, tabulated according to our framework, reveals a discrepancy between
informal arguments in favor of cyber-insurance as a tool to align incentives
for better network security, and analytical results questioning the viability of a market
for cyber-insurance. Using our framework, we show which parameters should
be considered and endogenized in future models to close this gap.


==Additional Notes and Highlights==
==Additional Notes and Highlights==

Revision as of 09:16, 24 June 2010

Full Title of Reference

Modeling Cyber-Insurance: Towards A Unified Framework

Full Citation

Rainer Bohme and Galina Schwartz, Modeling Cyber-Insurance, Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010). Web

BibTeX

Categorization

Issues: Economics of Cyber Security; Insurance

Key Words

Cyber-Insurance, Risk Assessment

Synopsis

We propose a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.

Additional Notes and Highlights