Cyber Insurance

Information technology is an essential part of our daily activities. We often use our mobile phones to communicate with our loved ones, research over the internet, and much more. Organizations and institutions today rely solely on networked computers in their daily operations. Organizations prefer to have their information backed up on virtual servers, an arrangement referred to as cloud computing. Cloud computing is among the safest measures for information security. We often share information either directly, using storage media, or over the internet. Information shared or stored over the internet is prone to attacks referred to as cyberattacks. Cyberattacks can result in total impairment of an organization's data, or in blockage of part or all of its information by a trojan. At this point, the attacker demands payment before granting access to the information. Cyberattacks have thus led organizations to encrypt their information. However, despite the use of advanced encryption techniques, cyber attackers have gone beyond this level of technology and hack into the data by gaining access to the decryption key. Researchers have thus come up with cyber insurance, which offers security for the information of organizations and businesses. Cyber insurance uses high-level algorithms that are difficult for attackers to understand. It minimizes cases of information compromise.
