Difference between revisions of "Models and Measures for Correlation in Cyber-Insurance"

From Cybersecurity Wiki
Jump to navigation Jump to search
(New page: ==Full Title of Reference== Models and Measures for Correlation in Cyber-Insurance ==Full Citation== Rainer Bohme, ''Models and Measures for Correlation in Cyber-Insurance'', Workshop on...)
 
Line 4: Line 4:
 
==Full Citation==
 
==Full Citation==
  
Rainer Bohme, ''Models and Measures for Correlation in Cyber-Insurance'', Workshop on the Economics of Information Security (2006). [http://weis2006.econinfosec.org/docs/16.pdf  ''Web''] [http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&action=viewsource&startkey=Bohme_Kataria:2006&f=wikibiblio.bib ''BibTeX'']
+
Rainer Bohme, ''Models and Measures for Correlation in Cyber-Insurance'', Workshop on the Economics of Information Security (2006).
 +
[http://weis2006.econinfosec.org/docs/16.pdf  ''Web'']
 +
 
 +
[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&action=viewsource&startkey=Bohme_Kataria:2006&f=wikibiblio.bib ''BibTeX'']
  
 
==Categorization==
 
==Categorization==
  
Issues: [[Insurance]] [[Economics of Cyber Security]]
+
Issues: [[Economics of Cyber Security]]; [[Insurance]]  
  
 
==Key Words==
 
==Key Words==

Revision as of 20:54, 23 June 2010

Full Title of Reference

Models and Measures for Correlation in Cyber-Insurance

Full Citation

Rainer Bohme, Models and Measures for Correlation in Cyber-Insurance, Workshop on the Economics of Information Security (2006). Web

BibTeX

Categorization

Issues: Economics of Cyber Security; Insurance

Key Words

Insurance

Synopsis

High correlation in failure of information systems due to worms and viruses has been cited as major impediment to cyber-insurance. However, of the many cyber-risk classes that influence failure of information systems, not all exhibit similar correlation properties. In this paper, we introduce a new classification of correlation properties of cyber-risks based on a twin-tier approach. At the first tier, is the correlation of cyber-risks within a firm i.e. correlated failure of multiple systems on its internal network. At second tier, is the correlation in risk at a global level i.e. correlation across independent firms in an insurer’s portfolio. Various classes of cyber-risks exhibit different level of correlation at two tiers, for instance, insider attacks exhibit high internal but low global correlation. While internal risk correlation within a firm influences its decision to seek insurance, the global correlation influences insurers’ decision in setting the premium. Citing real data we study the combined dynamics of the two-step risk arrival process to determine conditions conducive to the existence of cyber-insurance market.

Additional Notes and Highlights