Full Title of Reference
Modeling Cyber-Insurance: Towards A Unified Framework
Rainer Bohme and Galina Schwartz, Modeling Cyber-Insurance: Towards A Unified Framework, Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010). Web
The paper proposes a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.
Additional Notes and Highlights
Expertise Requires: Economics - High
1. Introduction 2. A General Framework for Modeling Cyber-Insurance Markets 2.1 Network Environment: Connected Nodes 2.1.1 Defense Function 2.1.2 Network Topology 2.1.3 Risk Arrival 2.1.4 Attacker Model 2.2 Demand Side: Agents 2.2.1 Node Control 2.2.2 Heterogeneity 2.2.3 Agents’ Risk Aversion 2.2.4 Action Space 2.2.5 Time 2.3 Supply Side: Insurers 2.3.1 Market Structure 2.3.2 Insurers’ Risk Aversion 2.3.3 Markup 2.3.4 Contract Design 2.3.5 Higher-Order Risk Transfer 2.4 Information Structure 2.4.1 Information Asymmetries in the Conventional Insurance Literature 2.4.2 Information Asymmetries Specific to Cyber-Insurance 2.4.3 Timing 2.5 Organizational Environment 2.5.1 Regulator 2.5.2 ICT Manufacturers 2.5.3 Network Intermediaries 2.5.4 Security Service Providers 3 Using the Framework for a Literature Survey 3.1 Market Models 3.1.1 Comparison Across Models 3.1.2 Discussion of Individual Models 3.2 Related Topics 4 Concluding Remarks