A Performance Assessment Metric for Information Security Financial Instruments

Business interruptions caused by cyber-attacks pose a serious threat to revenue and share price of the organisation. Furthermore, recent cyber-attacks on various organisations prove that the technical controls, security policies, and regulatory compliance are not sufficient to mitigate the cyber risks. In such a scenario, the residual cyber risk can be mitigated with cyber-insurance policies and with information security derivatives (financial instruments). Information security derivatives are a new class of financial instruments designed to provide an alternate risk mitigation mechanism to reduce the potential adverse impact of an information security event. However, there is a lack of research on the metrics to measure the performance of information security derivatives in mitigating the underlying risk. This article examines the basic requirements to assess the performance of information security derivatives. Furthermore, the article presents three metrics, namely hedge ratio, hedge effectiveness, and hedge efficiency to formulate and evaluate a cyber risk mitigation strategy devised with information security derivatives. Also, the application of these metrics is demonstrated in an imaginary scenario. The accurate measure of performance of information security derivatives is of practical importance for effective risk management strategy.

[1]  A. Ghosh Cointegration and Error Correction Models: Intertemporal Causality Between Index Spot and Future Prices , 1993 .

[2]  Einar Snekkenes,et al.  Applicability of Prediction Markets in Information Security Risk Management , 2014, 2014 25th International Workshop on Database and Expert Systems Applications.

[3]  Dimitrios V. Vougas,et al.  Hedging effectiveness in Greek stock index futures market, 1999-2001 , 2006 .

[4]  J. Hull Fundamentals of Futures and Options Markets , 2001 .

[5]  Steven De Haes,et al.  A novel financial instrument to incentivize investments in information security controls and mitigate residual risk , 2015, SECURWARE 2015.

[6]  Einar Snekkenes,et al.  Design and performance aspects of information security prediction markets for risk management , 2015, 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE).

[7]  Steven De Haes,et al.  Design, Demonstration, and Evaluation of an Information Security Contract and Trading Mechanism to Hedge Information Security Risks , 2015, STM.

[8]  M. Meulenberg,et al.  Hedging efficiency: A futures exchange management approach , 1997 .

[9]  C. Bunea-Bontas The Assessment of Hedge Effectiveness , 2012 .

[10]  Lawrence Galitz Financial Engineering: Tools and Techniques to Manage Financial Risk , 1994 .

[11]  Jan Hendrik Wirfs,et al.  Insurability of Cyber Risk: An Empirical Analysis , 2014, The Geneva Papers on Risk and Insurance - Issues and Practice.

[12]  Warren W. Lebeck Futures trading and hedging , 1978 .

[13]  Phhilippe Jorion Value at Risk: The New Benchmark for Managing Financial Risk , 2000 .

[14]  S. Bhaduri,et al.  Optimal hedge ratio and hedging effectiveness of stock index futures: evidence from India , 2008 .

[15]  J. Stein The Simultaneous Determination of Spot and Futures Prices , 1976 .

[16]  An intertemporal measure of hedging effectiveness , 1990 .

[17]  Martin Eling,et al.  Insurability of Cyber Risk: An Empirical Analysis , 2014, The Geneva Papers on Risk and Insurance - Issues and Practice.

[18]  Cheng-Few Lee,et al.  A new measure to compare the hedging effectiveness of foreign currency futures versus options , 1994 .

[19]  Einar Snekkenes,et al.  Using Prediction Markets to Hedge Information Security Risks , 2014, STM.

[20]  Leland L. Johnson,et al.  The Theory of Hedging and Speculation in Commodity Futures , 1960 .

[21]  Taufiq Choudhry The hedging effectiveness of constant and time-varying hedge ratios using three Pacific Basin stock futures , 2004 .

[22]  L. Ederington,et al.  The Hedging Performance of the New Futures Markets , 1979 .