Corporate insurance contracts providing liability coverage in the event of an information security breach are increasingly popular. In addition to the obvious use of ‘Cyberinsurance’ as a risk mitigation tool, a public policy narrative has emerged whereby insurance companies act as a clearing house for information and then provide guidance on appropriate security investment to ﬁrms seeking liability coverage. Utilizing few assumptions, our modeling framework demonstrates that this view of cyberinsurance as a delegated policy tool is unlikely to yield the anticipated coordination beneﬁts, and may in fact erode the aggregate level of security investment undertaken by targets.
|Number of pages||38|
|Publication status||Published - 29 May 2017|
|Event||16th Annual Workshop on the Economics of Information Security: Weiss 2017 - Rady School of Management, UC San Diego, La Jolla, United States|
Duration: 25 Jun 2017 → 27 Jun 2017
|Conference||16th Annual Workshop on the Economics of Information Security|
|Period||25/06/17 → 27/06/17|
- Public Economics
- Optimal Investment Allocations
Massacci, F., Swierzbinski, J., & Williams, J. (2017). Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Security Risks. 1-38. Paper presented at 16th Annual Workshop on the Economics of Information Security, La Jolla, United States.