Abstract
Cyber insurance is a valuable approach to further mitigate cyber risk and its losses, in addition to the deployment of technological cyber defense solutions such as intrusion detection systems and firewalls. An effective cyber insurance policy can reduce the number of successful cyber attacks by incentivizing users to adopt preventative measures and implement best practices. To study cyber insurance in a holistic manner, we first establish a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of cyber insurance and enables a systematic design of incentive-compatible and attack-aware insurance policies. The framework is further extended to study a network of users and their risk interdependencies. We completely characterize the equilibrium solutions of the bi-level game. Our analytical results provide a fundamental limit on insurability, predict the Peltzman effect, and reveal the principles of zero operating profit and the linear insurance policy of the insurer. We provide analytical results and numerical experiments to corroborate the analytical results and demonstrate the network effects as a result of the strategic interactions among the three types of players.
Original language | English (US) |
---|---|
Article number | 7859343 |
Pages (from-to) | 779-794 |
Number of pages | 16 |
Journal | IEEE Journal on Selected Areas in Communications |
Volume | 35 |
Issue number | 3 |
DOIs | |
State | Published - Mar 2017 |
Keywords
- Cyber insurance
- information asymmetry
- mechanism design
- moral hazard
- network effects
- network security
- security games
ASJC Scopus subject areas
- Computer Networks and Communications
- Electrical and Electronic Engineering