TY - GEN
T1 - On the Role of Risk Perceptions in Cyber Insurance Contracts
AU - Liu, Shutian
AU - Zhu, Quanyan
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Risk perceptions are essential in cyber insurance contracts. With the recent surge of information, human risk perceptions are exposed to the influences from both beneficial knowledge and fake news. In this paper, we study the role of the risk perceptions of the insurer and the user in cyber insurance contracts. We formulate the cyber insurance problem into a principal-agent problem where the insurer designs the contract containing a premium payment and a coverage plan. The risk perceptions of the insurer and the user are captured by coherent risk measures. Our framework extends the cyber insurance problem containing a risk-neutral insurer and a possibly risk-averse user, which is often considered in the literature. The explicit characterizations of both the insurer's and the user's risk perceptions allow us to show that cyber insurance has the potential to incentivize the user to invest more on system protection. This possibility to increase cyber security relies on the facts that the insurer is more risk-averse than the user (in a minimization setting) and that the insurer's risk perception is more sensitive to the changes in the user's actions than the user himself. We investigate the properties of feasible contracts in a case study on the insurance of a computer system against ransomware.
AB - Risk perceptions are essential in cyber insurance contracts. With the recent surge of information, human risk perceptions are exposed to the influences from both beneficial knowledge and fake news. In this paper, we study the role of the risk perceptions of the insurer and the user in cyber insurance contracts. We formulate the cyber insurance problem into a principal-agent problem where the insurer designs the contract containing a premium payment and a coverage plan. The risk perceptions of the insurer and the user are captured by coherent risk measures. Our framework extends the cyber insurance problem containing a risk-neutral insurer and a possibly risk-averse user, which is often considered in the literature. The explicit characterizations of both the insurer's and the user's risk perceptions allow us to show that cyber insurance has the potential to incentivize the user to invest more on system protection. This possibility to increase cyber security relies on the facts that the insurer is more risk-averse than the user (in a minimization setting) and that the insurer's risk perception is more sensitive to the changes in the user's actions than the user himself. We investigate the properties of feasible contracts in a case study on the insurance of a computer system against ransomware.
UR - http://www.scopus.com/inward/record.url?scp=85143399872&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85143399872&partnerID=8YFLogxK
U2 - 10.1109/CNS56114.2022.9947268
DO - 10.1109/CNS56114.2022.9947268
M3 - Conference contribution
AN - SCOPUS:85143399872
T3 - 2022 IEEE Conference on Communications and Network Security, CNS 2022
SP - 377
EP - 382
BT - 2022 IEEE Conference on Communications and Network Security, CNS 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE Conference on Communications and Network Security, CNS 2022
Y2 - 3 October 2022 through 5 October 2022
ER -