Cyber insurance of information systems: Security and privacy cyber insurance contracts for ICT and helathcare organizations

Nowadays, more-and-more aspects of our daily activities are digitalized. Data and assets in the cyber-space, both for individuals and organizations, must be safeguarded. Thus, the insurance sector must face the challenge of digital transformation in the 5G era with the right set of tools. In this paper, we present CyberSure-an insurance framework for information systems. CyberSure investigates the interplay between certification, risk management, and insurance of cyber processes. It promotes continuous monitoring as the new building block for cyber insurance in order to overcome the current obstacles of identifying in real-time contractual violations by the insured party and receiving early warning notifications prior the violation. Lightweight monitoring modules capture the status of the operating components and send data to the CyberSure backend system which performs the core decision making. Therefore, an insured system is certified dynamically, with the risk and insurance perspectives being evaluated at runtime as the system operation evolves. As new data become available, the risk management and the insurance policies are adjusted and fine-tuned. When an incident occurs, the insurance company possesses adequate information to assess the situation fast, estimate accurately the level of a potential loss, and decrease the required period for compensating the insured customer. The framework is applied in the ICT and healthcare domains, assessing the system of medium-size organizations. GDPR implications are also considered with the overall setting being effective and scalable

Pricing and Investments in Internet Security: A Cyber-Insurance Perspective

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, such software does not completely eliminate risk. Recent works have considered the problem of residual risk elimination by proposing the idea of cyber-insurance. In this regard, an important research problem is the analysis of optimal user self-defense investments and cyber-insurance contracts under the Internet environment. In this paper, we investigate two problems and their relationship: 1) analyzing optimal self-defense investments in the Internet, under optimal cyber-insurance coverage, where optimality is an insurer objective and 2) designing optimal cyber-insurance contracts for Internet users, where a contract is a (premium, coverage) pair

The Economic Case for Cyberinsurance

We present three economic arguments for cyberinsurance. First, cyberinsurance results in higher security investment, increasing the level of safety for information technology (IT) infrastructure. Second, cyberinsurance facilitates standards for best practices as cyberinsurers seek benchmark security levels for risk management decision-making. Third, the creation of an IT security insurance market redresses IT security market failure resulting in higher overall societal welfare. We conclude that this is a significant theoretical foundation, in addition to market-based evidence, to support the assertion that cyberinsurance is the preferred market solution to managing IT security risks.

How does intellectual capital align with cyber security?

Purpose – To position the preservation and protection of intellectual capital as a cyber security concern. We outline the security requirements of intellectual capital to help Boards of Directors and executive management teams to understand their responsibilities and accountabilities in this respect.Design/Methodology/Approach – The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital, and to outline actions to be taken by BoDs to do so.Findings – Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance, and merits attention from boards of directors.Implications – This paper clarifies boards of directors’ intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance.Social Implications – If boards of directors know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured.Practical Implications – We hope that boards of directors will benefit from our clarifications, and especially from the positioning of intellectual capital in cyber space.Originality/Value – This paper extends a previous paper published by Von Solms and Von Solms (2018), which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from cyber security researchers

Privacy matters:issues within mechatronics

As mechatronic devices and components become increasingly integrated with and within wider systems concepts such as Cyber-Physical Systems and the Internet of Things, designer engineers are faced with new sets of challenges in areas such as privacy. The paper looks at the current, and potential future, of privacy legislation, regulations and standards and considers how these are likely to impact on the way in which mechatronics is perceived and viewed. The emphasis is not therefore on technical issues, though these are brought into consideration where relevant, but on the soft, or human centred, issues associated with achieving user privacy

On Using Blockchains for Safety-Critical Systems

Innovation in the world of today is mainly driven by software. Companies need to continuously rejuvenate their product portfolios with new features to stay ahead of their competitors. For example, recent trends explore the application of blockchains to domains other than finance. This paper analyzes the state-of-the-art for safety-critical systems as found in modern vehicles like self-driving cars, smart energy systems, and home automation focusing on specific challenges where key ideas behind blockchains might be applicable. Next, potential benefits unlocked by applying such ideas are presented and discussed for the respective usage scenario. Finally, a research agenda is outlined to summarize remaining challenges for successfully applying blockchains to safety-critical cyber-physical systems