Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Security Risks

Fabio Massacci, Joseph Swierzbinski, Julian Williams

Research output: Contribution to conferencePaper

Abstract

Corporate insurance contracts providing liability coverage in the event of an information security breach are increasingly popular. In addition to the obvious use of ‘Cyberinsurance’ as a risk mitigation tool, a public policy narrative has emerged whereby insurance companies act as a clearing house for information and then provide guidance on appropriate security investment to firms seeking liability coverage. Utilizing few assumptions, our modeling framework demonstrates that this view of cyberinsurance as a delegated policy tool is unlikely to yield the anticipated coordination benefits, and may in fact erode the aggregate level of security investment undertaken by targets.
Original languageEnglish
Pages1-38
Number of pages38
Publication statusPublished - 29 May 2017
Event16th Annual Workshop on the Economics of Information Security: Weiss 2017 - Rady School of Management, UC San Diego, La Jolla, United States
Duration: 25 Jun 201727 Jun 2017
https://weis2017.econinfosec.org/

Conference

Conference16th Annual Workshop on the Economics of Information Security
CountryUnited States
CityLa Jolla
Period25/06/1727/06/17
Internet address

    Fingerprint

Keywords

  • Insurance
  • Cyber-Security
  • Public Economics
  • Optimal Investment Allocations

Cite this

Massacci, F., Swierzbinski, J., & Williams, J. (2017). Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Security Risks. 1-38. Paper presented at 16th Annual Workshop on the Economics of Information Security, La Jolla, United States.