Team for Research in
Ubiquitous Secure Technology

Competitive Cyber-Insurance and Network Security
Galina Schwartz

Citation
Galina Schwartz. "Competitive Cyber-Insurance and Network Security". Talk or presentation, 30, November, 2009.

Abstract
This paper, joint with Nikhil Shetty, Mark Felegyhazi, and Jean Walrand, investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyber-insurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users’ security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

Electronic downloads

Citation formats  
  • HTML
    Galina Schwartz. <a
    href="http://www.truststc.org/pubs/643.html"
    ><i>Competitive Cyber-Insurance and Network
    Security</i></a>, Talk or presentation,  30,
    November, 2009.
  • Plain text
    Galina Schwartz. "Competitive Cyber-Insurance and
    Network Security". Talk or presentation,  30, November,
    2009.
  • BibTeX
    @presentation{Schwartz09_CompetitiveCyberInsuranceNetworkSecurity,
        author = {Galina Schwartz},
        title = {Competitive Cyber-Insurance and Network Security},
        day = {30},
        month = {November},
        year = {2009},
        abstract = {This paper, joint with Nikhil Shetty, Mark
                  Felegyhazi, and Jean Walrand, investigates how
                  competitive cyber-insurers affect network security
                  and welfare of the networked society. In our
                  model, a user’s probability to incur damage
                  (from being attacked) depends on both his security
                  and the network security, with the latter taken by
                  individual users as given. First, we consider
                  cyber-insurers who cannot observe (and thus,
                  affect) individual user security. This asymmetric
                  information causes moral hazard. Then, for most
                  parameters, no equilibrium exists: the insurance
                  market is missing. Even if an equilibrium exists,
                  the insurance contract covers only a minor
                  fraction of the damage; network security worsens
                  relative to the no-insurance equilibrium. Second,
                  we consider insurers with perfect information
                  about their users’ security. Here, user security
                  is perfectly enforceable (zero cost); each
                  insurance contract stipulates the required user
                  security. The unique equilibrium contract covers
                  the entire user damage. Still, for most
                  parameters, network security worsens relative to
                  the no-insurance equilibrium. Although
                  cyber-insurance improves user welfare, in general,
                  competitive cyber-insurers fail to improve network
                  security.},
        URL = {http://www.truststc.org/pubs/643.html}
    }
    

Posted by Larry Rohrbough on 5 Nov 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.