2,326 research outputs found

    Pricing and Investments in Internet Security: A Cyber-Insurance Perspective

    Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, such software does not completely eliminate risk. Recent works have considered the problem of residual risk elimination by proposing the idea of cyber-insurance. In this regard, an important research problem is the analysis of optimal user self-defense investments and cyber-insurance contracts under the Internet environment. In this paper, we investigate two problems and their relationship: 1) analyzing optimal self-defense investments in the Internet, under optimal cyber-insurance coverage, where optimality is an insurer objective and 2) designing optimal cyber-insurance contracts for Internet users, where a contract is a (premium, coverage) pair

    The Economic Case for Cyberinsurance

    We present three economic arguments for cyberinsurance. First, cyberinsurance results in higher security investment, increasing the level of safety for information technology (IT) infrastructure. Second, cyberinsurance facilitates standards for best practices as cyberinsurers seek benchmark security levels for risk management decision-making. Third, the creation of an IT security insurance market redresses IT security market failure resulting in higher overall societal welfare. We conclude that this is a significant theoretical foundation, in addition to market-based evidence, to support the assertion that cyberinsurance is the preferred market solution to managing IT security risks.

    On the Role of Risk Perceptions in Cyber Insurance Contracts

    Risk perceptions are essential in cyber insurance contracts. With the recent surge of information, human risk perceptions are exposed to the influences from both beneficial knowledge and fake news. In this paper, we study the role of the risk perceptions of the insurer and the user in cyber insurance contracts. We formulate the cyber insurance problem into a principal-agent problem where the insurer designs the contract containing a premium payment and a coverage plan. The risk perceptions of the insurer and the user are captured by coherent risk measures. Our framework extends the cyber insurance problem containing a risk-neutral insurer and a possibly risk-averse user, which is often considered in the literature. The explicit characterizations of both the insurer's and the user's risk perceptions allow us to show that cyber insurance has the potential to incentivize the user to invest more on system protection. This possibility to increase cyber security relies on the facts that the insurer is more risk-averse than the user (in a minimization setting) and that the insurer's risk perception is more sensitive to the changes in the user's actions than the user himself. We investigate the properties of feasible contracts in a case study on the insurance of a computer system against ransomware. Comment: 6 pages, 3 figures

    Insuring the uninsurable : brokers and incomplete insurance contracts

    How do markets spread risk when events are unknown or unknowable and were not anticipated in an insurance contract? While the policyholder can "hold up" the insurer for extra contractual payments, the continuing gains from trade on a single contract are often too small to yield useful coverage. By acting as a repository of the reputations of the parties, we show the brokers provide a coordinating mechanism to leverage the collective hold up power of policyholders. This extends both the degree of implicit and explicit coverage. The role is reflected in the terms of broker engagement, specifically in the ownership by the broker of the renewal rights. Finally, we argue that brokers can be motivated to play this role when they receive commissions that are contingent on insurer profits. This last feature questions a recent, well publicized, attack on broker compensation by New York attorney general, Elliot Spitzer. Classification: G22, G24, L1