Cyber insurance is a viable method for cyber risk transfer. However, it has been shown that depending on the features of the underlying environment, it may or may not improve the state of network security. In this paper, we consider a single profit-maximizing insurer (principal) with voluntarily participating insureds/clients (agents). We are particularly interested in two distinct features of cyber security and their impact on the contract design problem. The first is the interdependent nature of cyber security, whereby one entity’s state of security depends not only on its own investment and effort, but also the efforts of others’ in the same eco-system (i.e. externalities). The second is the fact that recent advances in Internet measurement combined with machine learning techniques now allow us to perform accurate quantitative assessments of security posture at a firm level. This can be used as a tool to perform an initial security audit, or prescreening, of a prospective client to better enable premium discrimination and the design of customized policies. We show that security interdependency leads to a “profit opportunity” for the insurer, created by the inefficient effort levels exerted by interdependent agents who do not account for the risk externalities when insurance is not available; this is in addition to risk transfer that an insurer typically profits from. Security pre-screening then allows the insurer to take advantage of this additional profit opportunity by designing the appropriate contracts which incentivize agents to increase their effort levels, allowing the insurer to “sell commitment” to interdependent agents, in addition to insuring their risks. We identify conditions under which this type of contracts leads to not only increased profit for the principal, but also an improved state of network security.
System , Python , Django , Mysql, Wamp Server
IRE Journals:
B Srinivasa Rao , A Kalavathi
"Designing Cyber Insurance Policies: The Role of Pre-Screening and Security Interdependence" Iconic Research And Engineering Journals Volume 3 Issue 12 2020 Page 136-143
IEEE:
B Srinivasa Rao , A Kalavathi
"Designing Cyber Insurance Policies: The Role of Pre-Screening and Security Interdependence" Iconic Research And Engineering Journals, 3(12)