Models and Measures for Correlation in Cyber-Insurance

From Cybersecurity Wiki
Revision as of 16:12, 3 June 2010 by <bdi>Intern2</bdi> (talk | contribs) (New page: ==Full Title of Reference== Models and Measures for Correlation in Cyber-Insurance ==Full Citation== Rainer Bohme, ''Models and Measures for Correlation in Cyber-Insurance'', Workshop on...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Full Title of Reference

Models and Measures for Correlation in Cyber-Insurance

Full Citation

Rainer Bohme, Models and Measures for Correlation in Cyber-Insurance, Workshop on the Economics of Information Security (2006). Web BibTeX


Issues: Insurance Economics of Cyber Security

Key Words



High correlation in failure of information systems due to worms and viruses has been cited as major impediment to cyber-insurance. However, of the many cyber-risk classes that influence failure of information systems, not all exhibit similar correlation properties. In this paper, we introduce a new classification of correlation properties of cyber-risks based on a twin-tier approach. At the first tier, is the correlation of cyber-risks within a firm i.e. correlated failure of multiple systems on its internal network. At second tier, is the correlation in risk at a global level i.e. correlation across independent firms in an insurer’s portfolio. Various classes of cyber-risks exhibit different level of correlation at two tiers, for instance, insider attacks exhibit high internal but low global correlation. While internal risk correlation within a firm influences its decision to seek insurance, the global correlation influences insurers’ decision in setting the premium. Citing real data we study the combined dynamics of the two-step risk arrival process to determine conditions conducive to the existence of cyber-insurance market.

Additional Notes and Highlights