Attack-Aware Cyber Insurance for Risk Sharing in Computer Networks

Cyber insurance has recently been shown to be a promising mechanism for mitigating losses from cyber incidents, including data breaches, business interruption, and network damage. A robust cyber insurance policy can reduce the number of successful cyber attacks by incentivizing users to adopt preventative measures and implement best practices. To achieve these goals, we first establish a cyber insurance model that takes into account the complex interactions between users, attackers, and the insurer. A games-in-games framework nests a zero-sum game within a moral-hazard game to provide a holistic view of cyber insurance and enable the systematic design of robust insurance policies. In addition, the proposed framework naturally captures a privacy-preserving mechanism through the information asymmetry between the insurer and the user in the model. We develop analytical results to characterize the optimal insurance policy and use network virus infection as a case study to demonstrate the risk-sharing mechanism in computer networks.
