Based on classical contagion models we introduce an artificial cyber lab: the
digital twin of a complex cyber system in which possible cyber resilience
measures may be implemented and tested. Using the lab, in numerical case
studies, we identify two classes of measures to control systemic cyber risks:
security- and topology-based interventions. We discuss the implications of our
findings on selected real-world cybersecurity measures currently applied in the
insurance and regulation practice or under discussion for future cyber risk
control. To this end, we provide a brief overview of the current cybersecurity
regulation and emphasize the role of insurance companies as private regulators.
Moreover, from an insurance point of view, we provide first attempts to design
systemic cyber risk obligations and to measure the systemic risk contribution
of individual policyholders
