Efficient dispersal of information for security, load balancing, and fault tolerance
Journal of the ACM (JACM)
Modeling of Correlated Failures and Community Error Recovery in Multiversion Software
IEEE Transactions on Software Engineering
Communications of the ACM
The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
A framework for using insurance for cyber-risk management
Communications of the ACM
How much is enough: a risk management approach to computer security
How much is enough: a risk management approach to computer security
Measuring the Risk-Based Value of IT Security Solutions
IT Professional
Timing the Application of Security Patches for Optimal Uptime
LISA '02 Proceedings of the 16th USENIX conference on System administration
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Hi-index | 0.00 |
It has been argued that cyber-insurance will create the right kind of security atmosphere on the Internet. It will provide incentive (through lowered premiums) to firms to better secure their network thus reducing the threat of first party as well as third party damage, promote gathering and sharing of information security related incidents thus aiding development of global information security standards and practices, and finally, increase the overall social welfare by decreasing the variance of losses faced by individual firms via risk pooling as in other kinds of insurance. However, a unique aspect of cyber-risks is the high level of correlation in risk (e.g. worms and viruses) that affects both the insurer and the insured. In this paper, we present a discussion on the factors that influence the correlation in cyber-risks both at a global level, i.e. correlation across independent firms in an insurer’s portfolio, and at a local level, i.e. correlation of risk within a single firm. While global risk correlation influences insurers’ decision in setting the premium, the internal correlation within a firm influences its decision to seek insurance. We study the combined dynamics of these two to determine when a market for cyber-insurance can exist. We address technical, managerial and policy choices influencing both kind of correlations and welfare implications thereof.