Optimal Security Configuration for Cyber Insurance

Losses due to cyber security incidents could be very significant for organisations. This fact forces managers to consider cyber security risks at the highest management level. Cyber risks are usually either mitigated by technical means (countermeasures) or transferred to another party (i.e., insurer). Both options require significant investments and organisations face the problem of optimal distribution of cyber security budget between these risk treatment options.

[1]  Jean C. Walrand,et al.  Can Competitive Insurers Improve Network Security? , 2010, TRUST.

[2]  Martin Eling,et al.  Insurability of Cyber Risk: An Empirical Analysis , 2014, The Geneva Papers on Risk and Insurance - Issues and Practice.

[3]  Pasquale Malacaria,et al.  How to spend it: optimal investment for cyber security , 2014, ACySE '14.

[4]  P. Dasgupta,et al.  Equilibrium in Competitive Insurance Markets : An Essay on the Economics of Imperfect Information , 2007 .

[5]  Srinivasan Raghunathan,et al.  Cyber Insurance and IT Security Investment: Impact of Interdependence Risk , 2005, WEIS.

[6]  Tadeusz Sawik,et al.  Selection of optimal countermeasure portfolio in IT security planning , 2013, Decis. Support Syst..

[7]  Fabio Martinelli,et al.  Cyber-insurance survey , 2017, Comput. Sci. Rev..

[8]  Marc Lelarge,et al.  Economic Incentives to Increase Security in the Internet: The Case for Insurance , 2009, IEEE INFOCOM 2009.

[9]  Chris Hankin,et al.  Comparing Decision Support Approaches for Cyber Security Investment , 2015, ArXiv.

[10]  I. Ehrlich,et al.  Market Insurance, Self-Insurance, and Self-Protection , 1972, Journal of Political Economy.

[11]  Fabio Martinelli,et al.  Risk-Based Usage Control for Service Oriented Architecture , 2010, 2010 18th Euromicro Conference on Parallel, Distributed and Network-based Processing.

[12]  Joseph E. Stiglitz,et al.  17 – EQUILIBRIUM IN COMPETITIVE INSURANCE MARKETS: AN ESSAY ON THE ECONOMICS OF IMPERFECT INFORMATION* , 1976 .

[13]  Konstantinos Psounis,et al.  Will cyber-insurance improve network security? A market analysis , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[14]  Fabio Martinelli,et al.  Preventing the Drop in Security Investments for Non-competitive Cyber-Insurance Market , 2017, CRiSIS.

[15]  S. Shankar Sastry,et al.  Cyber-insurance framework for large scale interdependent networks , 2014, HiCoNS.

[16]  William Yurcik,et al.  The Evolution of Cyberinsurance , 2006, ArXiv.

[17]  Daniel Vanderpooten,et al.  Solving efficiently the 0-1 multi-objective knapsack problem , 2009, Comput. Oper. Res..

[18]  John J. Bartholdi,et al.  The Knapsack Problem , 2008 .

[19]  Bruce Schneier,et al.  Insurance and the computer industry , 2001, CACM.

[20]  John C. S. Lui,et al.  Security adoption and influence of cyber-insurance markets in heterogeneous networks , 2014, Perform. Evaluation.

[21]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.