Abstract
With the recent growing number of cyberattacks and the constant lack of effective defense methods, cyber risks have become ubiquitous in enterprise networks, manufacturing plants, and government computer systems. Cyber insurance provides a valuable approach to transfer the cyber risks to insurance companies and further improve the security status of the insured. The designation of effective cyber-insurance contracts requires considerations from both the insurance market and the dynamic properties of the cyber risks. To capture the interactions between the users and the insurers, we present a dynamic moral-hazard type of principal-agent model incorporated with Markov decision processes, which are used to capture the dynamics and correlations of the cyber risks as well as the user's decisions on the protections. We study and fully analyze a case with a two-state two-action user under linear coverage insurance and further show the risk compensation, Peltzman effect, linear insurance contract principle, and zero-operating profit principle in this case. Numerical experiments are provided to verify our conclusions and further extend to cases of a four-state three-action user under linear coverage insurance and threshold coverage insurance.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 1087-1100 |
| Journal | IEEE Transactions on Computational Social Systems |
| Volume | 9 |
| Issue number | 4 |
| DOIs | |
| State | Published - Aug 1 2022 |
Keywords
- Computer crime
- Contracts
- Cyber insurance
- Ethics
- Hazards
- Insurance
- Markov decision processes (MDPs)
- Stationary state
- Viruses (medical)
- information asymmetry
- mechanism design
- moral hazard
- principal-agent problem.
ASJC Scopus subject areas
- Modeling and Simulation
- Social Sciences (miscellaneous)
- Human-Computer Interaction