Attack-aware cyber insurance for risk sharing in computer networks

Yezekael Hayel, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Cyber insurance has been recently shown to be a promising mechanism to mitigate losses from cyber incidents, including data breaches, business interruption, and network damage. A robust cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To achieve these goals, we first establish a cyber insurance model that takes into account the complex interactions between users, attackers and the insurer. A games-in-games framework nests a zero-sum game in a moral-hazard game problem to provide a holistic view of the cyber insurance and enable a systematic design of robust insurance policy. In addition, the proposed framework naturally captures a privacy-preserving mechanism through the information asymmetry between the insurer and the user in the model. We develop analytical results to characterize the optimal insurance policy and use network virus infection as a case study to demonstrate the risksharing mechanism in computer networks.

Original languageEnglish (US)
Title of host publicationDecision and Game Theory for Security - 6th International Conference, GameSec 2015, Proceedings
EditorsM.H.R. Khouzani, Emmanouil Panaousis, George Theodorakopoulos
PublisherSpringer Verlag
Number of pages13
ISBN (Print)9783319255934
StatePublished - 2015
Event6th International Conference on Decision and Game Theory for Security, GameSec 2015 - London, United Kingdom
Duration: Nov 4 2015Nov 5 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other6th International Conference on Decision and Game Theory for Security, GameSec 2015
Country/TerritoryUnited Kingdom


  • Bilevel optimization problem
  • Cyber attacks3
  • Cyber insurance
  • Incomplete information game
  • Moral hazards

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Attack-aware cyber insurance for risk sharing in computer networks'. Together they form a unique fingerprint.

Cite this