Cybersecurity Insurance: Modeling and Pricing

Xu, Maochao; Hua, Lei

doi:10.1080/10920277.2019.1566076

Cited by 72 publications

(76 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Cybersecurity insurance (or cyber liability insurance) is a product that an entity can purchase to help reduce the financial risks associated with online business. It encompasses a contract wherein, in exchange for a fee, the insurance policy transfers some of the risk to the insurer [64], [65]. Our results imply that the modeling and pricing of cybersecurity insurance should take into account both positive and negative externalities derived from immunization.…”

Section: A Cybersecurity Insurancementioning

confidence: 97%

See 1 more Smart Citation

Beyond Herd Immunity Against Strategic Attackers

et al. 2020

View full text Add to dashboard Cite

Herd immunity, one of the most fundamental concepts in network epidemics, occurs when a large fraction of the population of devices is immune against a virus or malware. The few individuals who have not taken countermeasures against the threat are assumed to have very low chances of infection, as they are indirectly protected by the rest of the devices in the network. Although very fundamental, herd immunity does not account for strategic attackers scanning the network for vulnerable nodes. In face of such attackers, nodes who linger vulnerable in the network become easy targets, compromising cybersecurity. In this paper, we propose an analytical model which allows us to capture the impact of countermeasures against attackers when both endogenous as well as exogenous infections coexist. Using the proposed model, we show that a diverse set of potential attacks produces non-trivial equilibria, some of which go counter to herd immunity; e.g., our model suggests that nodes should adopt countermeasures even when the remainder of the nodes has already decided to do so. INDEX TERMS Cybersecurity, denial-of-service attacks, network epidemics, network security.

show abstract

Section: A Cybersecurity Insurancementioning

confidence: 97%

“…Our results imply that the modeling and pricing of cybersecurity insurance should take into account both positive and negative externalities derived from immunization. In particular, the model proposed in this paper may serve as an additional ingredient when assessing insurance prices [65].…”

Section: A Cybersecurity Insurancementioning

confidence: 99%

Beyond Herd Immunity Against Strategic Attackers

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Expected aggregate network losses are estimated using a polynomial approximation of claims and a mean-field approach. [80] use Markovian and Non-Markovian processes for epidemic spreading and propose to use a copula approach to capture the dependence among time-to-infection distributions. Via Monte-Carlo simulation, a pricing framework for cyber insurance is evaluated and the effects of different infection distributions and dependence among infection processes on aggregate losses are studied.…”

Section: Interdependence and Network Modelsmentioning

confidence: 99%

A Comprehensive Model for Cyber Risk Based on Marked Point Processes and Its Application to Insurance

Zeller

Scherer

2020

SSRN Journal

View full text Add to dashboard Cite

“…Using the latter approach, the security vulnerabilities, the expected loss due to security breaches, and the amount of premium to be charged by the insurer are assessed, while taking into consideration the computed expected loss, the risk profile, and wealth of the insured firm. In the work of Xu and Hua, a novel cybersecurity insurance model is designed, which is based mainly on the use of (a) Markov and non‐Markov models to depict the dynamic evolution of the network attack and recovery processes over time and (b) Monte Carlo simulations to study the insurance pricing strategies in practice. In the same context, Bandyopadhyay and Mookerjee proposed a model for assessing the insurer's optimal pricing decision that is based on the insured firm's claim indemnity strategy when different types of breaches and the subsequent losses (primary and secondary losses) are considered.…”

Section: State Of the Artmentioning

confidence: 99%

Enterprise security economics: A self‐defense versus cyber‐insurance dilemma

Miaoui

Boudriga

2019

Appl Stoch Models Bus & Ind

View full text Add to dashboard Cite

We propose a model that optimizes enterprise investments in cybersecurity using expected utility theory. The model allows computing (a) investment in self-defense to reduce the risk of security breaches, (b) investment in cyber insurance to transfer the residual risk to insurance companies, and (c) investment in forensic readiness to make the insured firms capable of generating provable insurance claims about security breaches. A three-phase-based model of vulnerability rate evolution over time is proposed and used to estimate the different planned security expenditures throughout the investment horizon.At the starting time of investment, a decision maker invests to cover the existing risk of breach and periodically spends to cover the additional risk observed due to the release of new vulnerabilities. In this work, the intermediate tranches are determined while considering three different attitudes of decision makers, namely, optimistic, pessimistic, and realistic. An analysis is conducted to assess the performance of the proposed models. KEYWORDSforensic readiness, information security, optimal investment, risk minimization 448

show abstract

Cybersecurity Insurance: Modeling and Pricing

Cited by 72 publications

References 25 publications

Beyond Herd Immunity Against Strategic Attackers

Beyond Herd Immunity Against Strategic Attackers

A Comprehensive Model for Cyber Risk Based on Marked Point Processes and Its Application to Insurance

Enterprise security economics: A self‐defense versus cyber‐insurance dilemma

Contact Info

Product

Resources

About