Difference between revisions of "Models and Measures for Correlation in Cyber-Insurance"
|Line 7:||Line 7:|
Revision as of 20:55, 23 June 2010
Full Title of Reference
Models and Measures for Correlation in Cyber-Insurance
Rainer Bohme, Models and Measures for Correlation in Cyber-Insurance, Workshop on the Economics of Information Security (2006). Web
High correlation in failure of information systems due to worms and viruses has been cited as major impediment to cyber-insurance. However, of the many cyber-risk classes that inﬂuence failure of information systems, not all exhibit similar correlation properties. In this paper, we introduce a new classiﬁcation of correlation properties of cyber-risks based on a twin-tier approach. At the ﬁrst tier, is the correlation of cyber-risks within a ﬁrm i.e. correlated failure of multiple systems on its internal network. At second tier, is the correlation in risk at a global level i.e. correlation across independent ﬁrms in an insurer’s portfolio. Various classes of cyber-risks exhibit diﬀerent level of correlation at two tiers, for instance, insider attacks exhibit high internal but low global correlation. While internal risk correlation within a ﬁrm inﬂuences its decision to seek insurance, the global correlation inﬂuences insurers’ decision in setting the premium. Citing real data we study the combined dynamics of the two-step risk arrival process to determine conditions conducive to the existence of cyber-insurance market.