Difference between revisions of "Modeling Cyber-Insurance"

From Cybersecurity Wiki
Jump to navigation Jump to search
Line 15: Line 15:
 
==Key Words==
 
==Key Words==
  
[[Cyber-Insurance]], [[Risk Assessment]]
+
[[Cyber-Insurance]], [[Risk Assessment]]
  
 
==Synopsis==
 
==Synopsis==
  
 
+
We propose a comprehensive formal framework to classify all market models
 +
of cyber-insurance we are aware of. The framework features a common terminology
 +
and deals with the specific properties of cyber-risk in a unified way: interdependent
 +
security, correlated risk, and information asymmetries. A survey of
 +
existing models, tabulated according to our framework, reveals a discrepancy between
 +
informal arguments in favor of cyber-insurance as a tool to align incentives
 +
for better network security, and analytical results questioning the viability of a market
 +
for cyber-insurance. Using our framework, we show which parameters should
 +
be considered and endogenized in future models to close this gap.
  
 
==Additional Notes and Highlights==
 
==Additional Notes and Highlights==

Revision as of 14:16, 24 June 2010

Full Title of Reference

Modeling Cyber-Insurance: Towards A Unified Framework

Full Citation

Rainer Bohme and Galina Schwartz, Modeling Cyber-Insurance, Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010). Web

BibTeX

Categorization

Issues: Economics of Cyber Security; Insurance

Key Words

Cyber-Insurance, Risk Assessment

Synopsis

We propose a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.

Additional Notes and Highlights