Difference between revisions of "Models and Measures for Correlation in Cyber-Insurance"

From Cybersecurity Wiki
Jump to navigation Jump to search
Line 7: Line 7:
 
[http://weis2006.econinfosec.org/docs/16.pdf  ''Web'']
 
[http://weis2006.econinfosec.org/docs/16.pdf  ''Web'']
  
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&action=viewsource&startkey=Bohme_Kataria:2006&f=wikibiblio.bib ''BibTeX'']
+
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=Bohme_Kataria:2006 ''BibTeX'']
  
 
==Categorization==
 
==Categorization==

Revision as of 20:55, 23 June 2010

Full Title of Reference

Models and Measures for Correlation in Cyber-Insurance

Full Citation

Rainer Bohme, Models and Measures for Correlation in Cyber-Insurance, Workshop on the Economics of Information Security (2006). Web

BibTeX

Categorization

Issues: Economics of Cyber Security; Insurance

Key Words

Insurance

Synopsis

High correlation in failure of information systems due to worms and viruses has been cited as major impediment to cyber-insurance. However, of the many cyber-risk classes that influence failure of information systems, not all exhibit similar correlation properties. In this paper, we introduce a new classification of correlation properties of cyber-risks based on a twin-tier approach. At the first tier, is the correlation of cyber-risks within a firm i.e. correlated failure of multiple systems on its internal network. At second tier, is the correlation in risk at a global level i.e. correlation across independent firms in an insurer’s portfolio. Various classes of cyber-risks exhibit different level of correlation at two tiers, for instance, insider attacks exhibit high internal but low global correlation. While internal risk correlation within a firm influences its decision to seek insurance, the global correlation influences insurers’ decision in setting the premium. Citing real data we study the combined dynamics of the two-step risk arrival process to determine conditions conducive to the existence of cyber-insurance market.

Additional Notes and Highlights