Cybersecurity Insurance: Modeling and Pricing

Cybersecurity risk has attracted considerable attention in recent decades. However, the modeling of cybersecurity risk is still in its infancy, mainly because of its unique characteristics. In this study, we develop a framework for modeling and pricing cybersecurity risk. The proposed model consists of three components: the epidemic model, loss function, and premium strategy. We study the dynamic upper bounds for the infection probabilities based on both Markov and non-Markov models. A simulation approach is proposed to compute the premium for cybersecurity risk for practical use. The effects of different infection distributions and dependence among infection processes on the losses are also studied.
