Modeling Cyber-Insurance

From Cybersecurity Wiki
Revision as of 10:48, 3 August 2010 by Felix

Full Title of Reference

Modeling Cyber-Insurance: Towards A Unified Framework

Full Citation

Rainer Bohme and Galina Schwartz, Modeling Cyber-Insurance: Towards A Unified Framework, Workshop on the Economics of Information Security, Harvard University, Cambridge, MA (June 2010).



Key Words

Botnet, Honeypot, Interdependencies, Phishing, Risk Modeling, SPAM, Worm


The paper proposes a comprehensive formal framework to classify all market models of cyber-insurance we are aware of. The framework features a common terminology and deals with the specific properties of cyber-risk in a unified way: interdependent security, correlated risk, and information asymmetries. A survey of existing models, tabulated according to our framework, reveals a discrepancy between informal arguments in favor of cyber-insurance as a tool to align incentives for better network security, and analytical results questioning the viability of a market for cyber-insurance. Using our framework, we show which parameters should be considered and endogenized in future models to close this gap.

Additional Notes and Highlights

Expertise Required: Economics - High


 1. Introduction
 2. A General Framework for Modeling Cyber-Insurance Markets
   2.1 Network Environment: Connected Nodes
     2.1.1 Defense Function
     2.1.2 Network Topology
     2.1.3 Risk Arrival
     2.1.4 Attacker Model
   2.2 Demand Side: Agents
     2.2.1 Node Control
     2.2.2 Heterogeneity
     2.2.3 Agents’ Risk Aversion
     2.2.4 Action Space
     2.2.5 Time
   2.3 Supply Side: Insurers
     2.3.1 Market Structure
     2.3.2 Insurers’ Risk Aversion
     2.3.3 Markup
     2.3.4 Contract Design
     2.3.5 Higher-Order Risk Transfer
   2.4 Information Structure
     2.4.1 Information Asymmetries in the Conventional Insurance Literature
     2.4.2 Information Asymmetries Specific to Cyber-Insurance
     2.4.3 Timing
   2.5 Organizational Environment
     2.5.1 Regulator
     2.5.2 ICT Manufacturers
     2.5.3 Network Intermediaries
     2.5.4 Security Service Providers
 3. Using the Framework for a Literature Survey
   3.1 Market Models
     3.1.1 Comparison Across Models
     3.1.2 Discussion of Individual Models
   3.2 Related Topics
 4. Concluding Remarks