Stefan Rass, Stefan Schauer, Sandra König, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceedingChapter


Cyber insurance provides users a valuable additional layer of protection to transfer cyber data risks to third-parties. An incentive-compatible cyber insurance policy can reduce the number of successful cyber-attacks by incentivizing the adoption of preventative measures in return for more coverage and the implementation of best practices by pricing premiums based on an insured level of self-protection. This chapter introduces a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of cyber insurance and enables a systematic design of incentive-compatible and attack-aware insurance policy. The chapter also introduces a new metric of disappointment rate that measures the difference between the actual damage and the expected damage.

Original languageEnglish (US)
Title of host publicationAdvanced Sciences and Technologies for Security Applications
Number of pages22
StatePublished - 2020

Publication series

NameAdvanced Sciences and Technologies for Security Applications
ISSN (Print)1613-5113
ISSN (Electronic)2363-9466

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Safety Research
  • Political Science and International Relations
  • Computer Science Applications
  • Computer Networks and Communications
  • Health, Toxicology and Mutagenesis


Dive into the research topics of 'Insurance'. Together they form a unique fingerprint.

Cite this