Abstract
Corporate insurance contracts providing liability coverage in the event of an information security breach are increasingly popular. In addition to the obvious use of ‘Cyberinsurance’ as a risk mitigation tool, a public policy narrative has emerged whereby insurance companies act as a clearing house for information and then provide guidance on appropriate security investment to firms seeking liability coverage. Utilizing few assumptions, our modeling framework demonstrates that this view of cyberinsurance as a delegated policy tool is unlikely to yield the anticipated coordination benefits, and may in fact erode the aggregate level of security investment undertaken by targets.
Original language | English |
---|---|
Pages | 1-38 |
Number of pages | 38 |
Publication status | Published - 29 May 2017 |
Event | 16th Annual Workshop on the Economics of Information Security: Weiss 2017 - Rady School of Management, UC San Diego, La Jolla, United States Duration: 25 Jun 2017 → 27 Jun 2017 https://weis2017.econinfosec.org/ |
Conference
Conference | 16th Annual Workshop on the Economics of Information Security |
---|---|
Country/Territory | United States |
City | La Jolla |
Period | 25/06/17 → 27/06/17 |
Internet address |
Bibliographical note
The authors would like to thank Luca Allodi from the University of Trento,Vadim Kotov from Bromium, and the members of the Computer Laboratory in Cambrige (in particular Ross Anderson, Richard Clayton, Daniel Thomas, and Sultan Kus) for very useful discussions and insights on hackers’ technology and markets. We would like also to thank the participants to the Lorentz’ Adversarial Risk Analysis seminar (in particular Milind Tambe, Wolter Pieters, Vivian Jacobs, David Banks, Dieter Gollmann, Andr Hoogstrate, and Christian Probst) for useful discussions on the use of game theory techniques for security, Angela Sasse and her group at UCL, Alex Ashby from Oxford, Christos Ioannidis from the University of Bath, and the seminar participants at the University of Durham (in particular Parantap Basu, Abderrahim Taamouti, Hugo Kruiniger, Leslie Reinhorn, Xiaogang Che, and Damian Damianov) for useful comments. Any remaining mistakes are the sole responsibilities of the authors.
Keywords
- Insurance
- Cyber-Security
- Public Economics
- Optimal Investment Allocations