Modeling Cyber-Insurance

From Cybersecurity Wiki
Revision as of 10:48, 3 August 2010 by Felix

Full Title of Reference

Modeling Cyber-Insurance: Towards A Unified Framework

Full Citation

Rainer Böhme and Galina Schwartz, Modeling Cyber-Insurance: Towards A Unified Framework, Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010).

Categorization

Key Words

Botnet, Honeypot, Interdependencies, Phishing, Risk Modeling, SPAM, Worm

Synopsis

The paper proposes a comprehensive formal framework to classify all market models of cyber-insurance known to the authors. The framework features a common terminology and deals in a unified way with the specific properties of cyber-risk: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to the framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security and analytical results questioning the viability of a market for cyber-insurance. Using the framework, the authors show which parameters should be considered and endogenized in future models to close this gap.

Additional Notes and Highlights

Expertise Required: Economics - High

Outline:

 1. Introduction
 2. A General Framework for Modeling Cyber-Insurance Markets
   2.1 Network Environment: Connected Nodes
     2.1.1 Defense Function
     2.1.2 Network Topology
     2.1.3 Risk Arrival
     2.1.4 Attacker Model
   2.2 Demand Side: Agents
     2.2.1 Node Control
     2.2.2 Heterogeneity
     2.2.3 Agents’ Risk Aversion
     2.2.4 Action Space
     2.2.5 Time
   2.3 Supply Side: Insurers
     2.3.1 Market Structure
     2.3.2 Insurers’ Risk Aversion
     2.3.3 Markup
     2.3.4 Contract Design
     2.3.5 Higher-Order Risk Transfer
   2.4 Information Structure
     2.4.1 Information Asymmetries in the Conventional Insurance Literature
     2.4.2 Information Asymmetries Specific to Cyber-Insurance
     2.4.3 Timing
   2.5 Organizational Environment
     2.5.1 Regulator
     2.5.2 ICT Manufacturers
     2.5.3 Network Intermediaries
     2.5.4 Security Service Providers
 3. Using the Framework for a Literature Survey
   3.1 Market Models
     3.1.1 Comparison Across Models
     3.1.2 Discussion of Individual Models
   3.2 Related Topics
 4. Concluding Remarks