Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm

Mazzoccoli, Alessandro; Naldi, Maurizio

doi:10.3390/risks9010024

Cited by 12 publications

(10 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They use ruin theory to compute the premium, which is based on the loading factor formula, precisely as loading on the average amount of claims. The same approach considered here has been proposed by Xu et al (2019) for the optimal allocation of cyber security investments for headquarters and its branches subjected to cyber risk interconnections and by Mazzoccoli and Naldi (2021) to obtain a closed formula for the optimal investment in security under a set of cyber insurance liability scenarios considering a multi-branch firm with correlated vulnerability.…”

Section: Literature Reviewmentioning

confidence: 99%

“…A further problem arises when we consider a set of vulnerable entities whose risks are correlated. This is the case, e.g., for a company's headquarters and its branches, where a breach in any of the entities may disclose information to breach other entities Khalili et al (2018); Mazzoccoli and Naldi (2021); Xu et al (2019). Though this topic has been extensively addressed in the literature, the models proposed are often complex and may not be easy to apply in an industrial context.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Insurance Premium Setting for Multi-Site Companies under Risk Correlation

Mastroeni,

Mazzoccoli,

Naldi

2023

Risks

Self Cite

View full text Add to dashboard Cite

Correlation in cyber risk represents an additional source of concern for utility and industrial infrastructures, where risks may be introduced by connected systems. A major means of reducing risk is to transfer it through insurance. In this paper, we consider a company which has peripheral branches in addition to its headquarters, where risk correlation is present between all of its sites and insurance is adopted to hedge against economic losses. We employ the expected utility principle (which leads to the well-known mean variance premium formula) to derive the insurance premium under risk correlation under several risk scenarios. Under a first-order approximation, a quasi-linear relationship between the premium and the two major risk factors (the number of branches and the risk correlation coefficient) is determined.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Cyber Insurance Premium Setting for Multi-Site Companies under Risk Correlation

Mastroeni,

Mazzoccoli,

Naldi

2023

Risks

Self Cite

View full text Add to dashboard Cite

show abstract

“…The model is graphed in Figure 2. 2016) and Mazzoccoli and Naldi (2021). Young et al (2016), Rosson et al (2019), and Mazzoccoli and Naldi (2020b) used this model to evaluate the optimal investment in security together with the presence of insurance coverage against cyber-risks, either through simulation or through closed mathematical formulas.…”

Section: Gordon-loeb Class Two Modelmentioning

confidence: 99%

“…Skeoch (2022) has also embraced a similar approach, but employing a utility function (either logarithmic or exponential) and adopting a percentage premium. The analysis has then been extended by Mazzoccoli and Naldi (2021) to the case of a firm with multiple branches and interdependencies, chasing the problem introduced by . The importance of interdependencies is also examined by Uuganbayar et al (2021), who examine the possible incentivizing impact that cyberinsurance has on security investments in the case of interdependence.…”

Section: Introductionmentioning

confidence: 99%

An Overview of Security Breach Probability Models

Mazzoccoli

Naldi

2022

Risks

Self Cite

View full text Add to dashboard Cite

Cybersecurity breach probability functions describe how cybersecurity investments impact the actual vulnerability to cyberattacks through the probability of success of the attack. They essentially use mathematical models to make cyber-risk management choices. This paper provides an overview of the breach probability models that appear in the literature. For each of them, the form of the mathematical functions and their properties are described. The models exhibit a wide variety of functional relationships between breach probability and investments, including linear, concave, convex, and a mixture of the latter two. Each model describes a parametric family, with some models have a single parameter, and others have two. A sensitivity analysis completes the overview to identify the impact of the model parameters: the estimation of the parameters which have a larger influence on the breach probability is more critical and deserves greater attention.

show abstract

“…( 2016 ), and subsequently Mazzoccoli and Naldi ( 2020 ), or Yang and Lui ( 2014 ), Chase et al. ( 2017 ), and Mazzoccoli and Naldi ( 2021 ) who investigate optimal security investments under the presence of cyber insurance in a heterogeneous network, in a cloud computing environment, and for a multi-branch firm with correlated vulnerabilities, respectively. Zhang and Zhu ( 2021 ) use a dynamic moral hazard type of principal–agent model with Markov decision processes to capture decisions on self-protection of the insured and Skeoch ( 2022 ) expands the Gordon–Loeb model (Gordon and Loeb 2002 ) for cybersecurity to a cyber insurance context.…”

Section: Introductionmentioning

confidence: 99%

Risk mitigation services in cyber insurance: optimal contract design and price structure

Zeller

Scherer

2023

Geneva Pap Risk Insur Issues Pract

View full text Add to dashboard Cite

As the cyber insurance market is expanding and cyber insurance policies continue to mature, the potential of including pre-incident and post-incident services into cyber policies is being recognised by insurers and insurance buyers. This work addresses the question of how such services should be priced from the insurer’s viewpoint, i.e. under which conditions it is rational for a profit-maximising, risk-neutral or risk-averse insurer to share the costs of providing risk mitigation services. The interaction between insurance buyer and seller is modelled as a Stackelberg game, where both parties use distortion risk measures to model their individual risk aversion. After linking the notions of pre-incident and post-incident services to the concepts of self-protection and self-insurance, we show that when pricing a single contract, the insurer would always shift the full cost of self-protection services to the insured; however, this does not generally hold for the pricing of self-insurance services or when taking a portfolio viewpoint. We illustrate the latter statement using toy examples of risks with dependence mechanisms representative in the cyber context.

show abstract

Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm

Cited by 12 publications

References 38 publications

Cyber Insurance Premium Setting for Multi-Site Companies under Risk Correlation

Cyber Insurance Premium Setting for Multi-Site Companies under Risk Correlation

An Overview of Security Breach Probability Models

Risk mitigation services in cyber insurance: optimal contract design and price structure

Contact Info

Product

Resources

About