Modeling Cyber-Insurance: Difference between revisions
No edit summary |
No edit summary |
||
| Line 10: | Line 10: | ||
==Categorization== | ==Categorization== | ||
* Issues: [[Insurance]] | |||
* Issues: | * Approaches: [[Private Efforts/Organizations]] | ||
==Key Words== | ==Key Words== | ||
[[Keyword_Index_and_Glossary_of_Core_Ideas#Botnet | Botnet]], | |||
[[ | [[Keyword_Index_and_Glossary_of_Core_Ideas#Honeypot | Honeypot]], | ||
[[Keyword_Index_and_Glossary_of_Core_Ideas#Interdependencies | Interdependencies]], | |||
[[Keyword_Index_and_Glossary_of_Core_Ideas#Phishing | Phishing]], | |||
[[Keyword_Index_and_Glossary_of_Core_Ideas#Risk_Modeling | Risk Modeling]], | |||
[[Keyword_Index_and_Glossary_of_Core_Ideas#SPAM | SPAM]], | |||
[[Keyword_Index_and_Glossary_of_Core_Ideas#Worm | Worm]] | |||
==Synopsis== | ==Synopsis== | ||
The paper proposes a comprehensive formal framework to classify all market models | |||
of cyber-insurance we are aware of. The framework features a common terminology | of cyber-insurance we are aware of. The framework features a common terminology | ||
and deals with the specific properties of cyber-risk in a unified way: interdependent | and deals with the specific properties of cyber-risk in a unified way: interdependent | ||
| Line 30: | Line 35: | ||
==Additional Notes and Highlights== | ==Additional Notes and Highlights== | ||
Expertise Requires: Economics - High | |||
Outline: | |||
1. Introduction | |||
2. A General Framework for Modeling Cyber-Insurance Markets | |||
2.1 Network Environment: Connected Nodes | |||
2.1.1 Defense Function | |||
2.1.2 Network Topology | |||
2.1.3 Risk Arrival | |||
2.1.4 Attacker Model | |||
2.2 Demand Side: Agents | |||
2.2.1 Node Control | |||
2.2.2 Heterogeneity | |||
2.2.3 Agents’ Risk Aversion | |||
2.2.4 Action Space | |||
2.2.5 Time | |||
2.3 Supply Side: Insurers | |||
2.3.1 Market Structure | |||
2.3.2 Insurers’ Risk Aversion | |||
2.3.3 Markup | |||
2.3.4 Contract Design | |||
2.3.5 Higher-Order Risk Transfer | |||
2.4 Information Structure | |||
2.4.1 Information Asymmetries in the Conventional Insurance Literature | |||
2.4.2 Information Asymmetries Specific to Cyber-Insurance | |||
2.4.3 Timing | |||
2.5 Organizational Environment | |||
2.5.1 Regulator | |||
2.5.2 ICT Manufacturers | |||
2.5.3 Network Intermediaries | |||
2.5.4 Security Service Providers | |||
3 Using the Framework for a Literature Survey | |||
3.1 Market Models | |||
3.1.1 Comparison Across Models | |||
3.1.2 Discussion of Individual Models | |||
3.2 Related Topics | |||
4 Concluding Remarks | |||
Revision as of 10:48, 3 August 2010
Full Title of Reference
Modeling Cyber-Insurance: Towards A Unified Framework
Full Citation
Rainer Bohme and Galina Schwartz, Modeling Cyber-Insurance: Towards A Unified Framework, Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010). Web
Categorization
- Issues: Insurance
- Approaches: Private Efforts/Organizations
Key Words
Botnet, Honeypot, Interdependencies, Phishing, Risk Modeling, SPAM, Worm
Synopsis
The paper proposes a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.
Additional Notes and Highlights
Expertise Requires: Economics - High
Outline:
1. Introduction
2. A General Framework for Modeling Cyber-Insurance Markets
2.1 Network Environment: Connected Nodes
2.1.1 Defense Function
2.1.2 Network Topology
2.1.3 Risk Arrival
2.1.4 Attacker Model
2.2 Demand Side: Agents
2.2.1 Node Control
2.2.2 Heterogeneity
2.2.3 Agents’ Risk Aversion
2.2.4 Action Space
2.2.5 Time
2.3 Supply Side: Insurers
2.3.1 Market Structure
2.3.2 Insurers’ Risk Aversion
2.3.3 Markup
2.3.4 Contract Design
2.3.5 Higher-Order Risk Transfer
2.4 Information Structure
2.4.1 Information Asymmetries in the Conventional Insurance Literature
2.4.2 Information Asymmetries Specific to Cyber-Insurance
2.4.3 Timing
2.5 Organizational Environment
2.5.1 Regulator
2.5.2 ICT Manufacturers
2.5.3 Network Intermediaries
2.5.4 Security Service Providers
3 Using the Framework for a Literature Survey
3.1 Market Models
3.1.1 Comparison Across Models
3.1.2 Discussion of Individual Models
3.2 Related Topics
4 Concluding Remarks