Revision as of 15:53, 29 July 2010
Full Title of Reference
Models and Measures for Correlation in Cyber-Insurance
Rainer Böhme, Models and Measures for Correlation in Cyber-Insurance, Workshop on the Economics of Information Security (2006). Web.
High correlation in the failure of information systems due to worms and viruses has been cited as a major impediment to cyber-insurance. However, of the many cyber-risk classes that influence the failure of information systems, not all exhibit similar correlation properties. In this paper, the author introduces a new classification of the correlation properties of cyber-risks based on a twin-tier approach. At the first tier is the correlation of cyber-risks within a firm, i.e. the correlated failure of multiple systems on its internal network. At the second tier is the correlation in risk at a global level, i.e. correlation across independent firms in an insurer's portfolio. Different classes of cyber-risk exhibit different levels of correlation at the two tiers; for instance, insider attacks exhibit high internal but low global correlation. While internal risk correlation within a firm influences its decision to seek insurance, the global correlation influences insurers' decisions in setting the premium. Citing real data, the article studies the combined dynamics of the two-step risk arrival process to determine the conditions conducive to the existence of a cyber-insurance market.
Section 2 elaborates on the sources of correlation in IT risks and explains how different classes of risk vary in the relative importance of internal and global risk correlation. Because of the significant homogeneity of computer systems and the dependencies between them, their failures are highly correlated. The recent spate of Internet worms such as MS-Blaster and Sasser has highlighted this very threat. These worms exploited vulnerabilities present in the ubiquitous Microsoft Windows operating system to infect millions of computers worldwide. Computer viruses, like worms, are also highly contagious. Spreading by email, the Mydoom virus, compiled for the Win32 platform (generic across Windows operating systems), was able to infect an estimated million computers worldwide within 5 days of its release. Although worms and viruses receive the most media attention, other factors that can cause significant economic damage to a firm's information systems include insider attacks, spam, configuration errors, hardware failure, software bugs, and theft, among others.
Modeling the Market for Cyber-Insurance
Section 3 proposes a comprehensive equilibrium model for the cyber-insurance market. The model captures specific features of information assets and includes both types of risk correlation as exogenous parameters. A simulation experiment in the same section demonstrates under which configurations of internal and global correlation a cyber-insurance market may thrive. The formal model presented consists of supply- (Sect. 3.1) and demand-side (3.2) of a cyber-insurance market and the equilibrium conditions (3.3). Inference from the model is drawn using Monte Carlo simulation methods (3.4).
Empirical Estimation of Correlation in Risk-Arrival due to Network Exploits
The second main contribution of this paper is discussed in Section 4, where the author presents a method to empirically estimate the size of correlation from distributed honeynet data. The existence of correlation in cyber-risks is taken as a plausible presumption in the literature, though the evidence is merely anecdotal. In this section, the author uses quantitative longitudinal data on attack intensity to obtain rough estimates for the range of realistic correlation parameters. He gives broad estimates for global and internal correlation, compares different models of correlation structure, and addresses requirements for future data collection to yield more valid and reliable results.
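The two-step risk arrival of Section 3 (a shared global shock that hits firms, then correlated failures of machines inside a hit firm) and the beta-binomial estimation of global correlation in Section 4.2.1 can be made concrete with a small simulation. The following Python script is an added example and not code from the paper: the two-tier Beta/Bernoulli construction, the parameter values, and the method-of-moments estimator are assumptions chosen for illustration, not the author's exact model or estimator. It simulates an insurer's portfolio under several correlation settings, recovers the global correlation from the per-period hit counts, and reports how well pooling across firms diversifies claims in each case.

```python
"""
Two-tier correlated risk arrival for a cyber-insurance portfolio and a
moment estimator for the global correlation (added illustration).

Tier 1 (global): each period draws a latent threat level p_t from Beta(a, b);
every firm in the portfolio is hit independently with probability p_t. The
shared p_t makes hits correlated across firms (beta-binomial counts with
intra-class correlation rho_g = 1 / (a + b + 1)).

Tier 2 (internal): a hit firm draws its own failure rate q from a second Beta
distribution and each of its machines fails with probability q, so failures
inside one firm are correlated (rho_i = 1 / (a' + b' + 1)).

This construction is an assumption made for the example, not the paper's model.
"""
import random
import statistics
from dataclasses import dataclass


@dataclass
class Tier:
    mean: float  # marginal hit (global) or machine-failure (internal) probability
    rho: float   # intra-class correlation, 0 <= rho < 1


def beta_params(mean: float, rho: float) -> tuple[float, float]:
    """Beta(a, b) with the given mean and intra-class correlation 1/(a+b+1)."""
    s = 1.0 / rho - 1.0  # a + b
    return mean * s, (1.0 - mean) * s


def draw_rate(tier: Tier, rng: random.Random) -> float:
    """Shared latent rate for one period (global) or one firm (internal)."""
    if tier.rho <= 0.0:
        return tier.mean  # no shared shock: plain independent Bernoulli trials
    a, b = beta_params(tier.mean, tier.rho)
    return rng.betavariate(a, b)


def simulate(n_firms: int, n_machines: int, periods: int,
             global_tier: Tier, internal_tier: Tier, seed: int = 0):
    """Return (hit_counts, portfolio_losses), one entry per period.

    hit_counts[t]        firms hit in period t (0..n_firms)
    portfolio_losses[t]  failed machines summed over all firms (insurer's claims)
    """
    rng = random.Random(seed)
    hit_counts, portfolio_losses = [], []
    for _ in range(periods):
        p_t = draw_rate(global_tier, rng)
        hits, total = 0, 0
        for _ in range(n_firms):
            if rng.random() < p_t:
                hits += 1
                q = draw_rate(internal_tier, rng)
                total += sum(1 for _ in range(n_machines) if rng.random() < q)
        hit_counts.append(hits)
        portfolio_losses.append(total)
    return hit_counts, portfolio_losses


def estimate_global_rho(hit_counts, n_firms: int) -> float:
    """Method-of-moments intra-class correlation for beta-binomial hit counts.

    For k_t ~ BetaBinomial(n, a, b): Var(k) = n p (1 - p) (1 + (n - 1) rho),
    so rho can be read off the observed overdispersion of the counts.
    """
    p = statistics.mean(hit_counts) / n_firms
    var = statistics.pvariance(hit_counts)
    return (var / (n_firms * p * (1.0 - p)) - 1.0) / (n_firms - 1)


def coefficient_of_variation(losses) -> float:
    """sd / mean of the insurer's per-period claims: the pooling benchmark."""
    return statistics.pstdev(losses) / statistics.mean(losses)


if __name__ == "__main__":
    # Constructed parameters: 20% of firms hit per period and 30% of a hit
    # firm's 20 machines failing on average; only the correlation settings
    # differ. Pooling (falling CV as n grows) works when global correlation
    # is zero, even with internal correlation, but fails under a shared shock.
    for label, g_rho, i_rho in [("independent", 0.0, 0.0),
                                ("internal only", 0.0, 0.5),
                                ("global only", 0.3, 0.0)]:
        for n in (10, 100):
            hits, claims = simulate(n, 20, 2000, Tier(0.2, g_rho), Tier(0.3, i_rho))
            print(f"{label:14s} n={n:3d}  rho_g_hat={estimate_global_rho(hits, n):6.3f}"
                  f"  CV(claims)={coefficient_of_variation(claims):5.2f}")
```

Internal correlation raises the variance of each firm's own loss (the quantity behind its decision to seek insurance) without stopping the insurer from diversifying across firms, whereas global correlation keeps the portfolio's coefficient of variation high no matter how many firms are pooled, which is what drives the premium loading. The estimator only uses the count of hit firms per period, which is the kind of aggregate a distributed honeynet can supply; the page describes the paper's data, and the honeynet counts used here are simulated rather than real.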
Additional Notes and Highlights
1 Introduction
2 The Correlated Nature of IT Security Risks
  2.1 Classes of Cyber-Risk and Correlation
  2.2 Implications for Cyber-Insurance Policy Design
3 Modeling the Market for Cyber-Insurance
  3.1 Supply-Side: Two-Step Risk Arrival with Correlation
    3.1.1 Intra-Firm Risk Correlation
    3.1.2 Global Risk Correlation
  3.2 Demand-Side: Information Security Risk Management
    3.2.1 Modeling Information Assets
    3.2.2 Firm's Decision to Seek Insurance
  3.3 Market Equilibrium Conditions
  3.4 Simulation Results
4 Empirical Estimation of Correlation in Risk-Arrival due to Network Exploits
  4.1 Description of Data
  4.2 Estimation of Global Correlation
    4.2.1 Beta-Binomial Model
    4.2.2 One-factor Latent Risk Model
    4.2.3 Comparison of Models for Global Correlation
  4.3 Estimation of Internal Correlation
  4.4 Validity and Robustness
5 Discussion
  5.1 Summary of Results
  5.2 Implications
  5.3 Directions for Future Research