
Integrated framework for information security investment and cyber insurance

Author

Listed:
  • Wang, Shaun S.

Abstract

This paper presents analytical models for optimizing a firm's cybersecurity spending and cyber insurance based on the effectiveness of spending in reducing cyber threats, vulnerability and impact, respectively. At the macro level, the paper shows how private-sector contribution toward countering cybercrimes can reduce the overall cyber loss and create economic value. At the micro level, a firm's effectiveness of security spending in addressing specific cyber threats can be reduced when other co-dependent security measures are not put in place. The paper derives an optimal mix of cybersecurity investments in “knowledge and expertise” versus “deploying mitigation measures”. The paper proposes customizing cyber insurance for firms with itemized threat-specific coverage with a portion of the premium used to help clients with risk knowledge and nudge clients in implementing risk mitigation measures. Small and Mid-sized Enterprises stand to benefit the most from such innovative cyber insurance.

Suggested Citation

  • Wang, Shaun S., 2019. "Integrated framework for information security investment and cyber insurance," Pacific-Basin Finance Journal, Elsevier, vol. 57(C).
  • Handle: RePEc:eee:pacfin:v:57:y:2019:i:c:s0927538x19300794
    DOI: 10.1016/j.pacfin.2019.101173

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0927538X19300794
    Download Restriction: Full text for ScienceDirect subscribers only


    References listed on IDEAS

    1. Shinichi Kamiya & Jun-Koo Kang & Jungmin Kim & Andreas Milidonis & René M. Stulz, 2018. "What is the Impact of Successful Cyberattacks on Target Firms?," NBER Working Papers 24409, National Bureau of Economic Research, Inc.
    2. Chernobai, Anna & Jorion, Philippe & Yu, Fan, 2011. "The Determinants of Operational Risk in U.S. Financial Institutions," Journal of Financial and Quantitative Analysis, Cambridge University Press, vol. 46(6), pages 1683-1725, December.
    3. Martin Eling & Werner Schnell, 2016. "What do we know about cyber risk and cyber risk insurance?," Journal of Risk Finance, Emerald Group Publishing Limited, vol. 17(5), pages 474-491, November.
    4. Cummins, J. David & Lewis, Christopher M. & Wei, Ran, 2006. "The market value impact of operational loss events for US banks and insurers," Journal of Banking & Finance, Elsevier, vol. 30(10), pages 2605-2634, October.
    5. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.

    Citations



    Cited by:

    1. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    2. Shaun S. Wang & Ulrik Franke, 2020. "Enterprise IT service downtime cost and risk transfer in a supply chain," Operations Management Research, Springer, vol. 13(1), pages 94-108, June.
    3. Ulrik Franke, 2020. "IT service outage cost: case study and implications for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 760-784, October.
    4. Baranauskas Gedas, 2021. "Application of customisation and personalisation in digital solutions of the non-life insurance market: a case study of Lithuanian, Latvian and Estonian e-sales platforms," Engineering Management in Production and Services, Sciendo, vol. 13(2), pages 68-82, June.
    5. Ulrik Franke, 0. "IT service outage cost: case study and implications for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-25.
    6. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    7. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    8. Dacorogna, Michel & Debbabi, Nehla & Kratz, Marie, 2023. "Building up cyber resilience by better grasping cyber risk via a new algorithm for modelling heavy-tailed data," European Journal of Operational Research, Elsevier, vol. 311(2), pages 708-729.
    9. Loic Maréchal & Alain Mermoud & Dimitri Percia David & Mathias Humbert, 2024. "Measuring the performance of investments in information security startups: An empirical analysis by cybersecurity sectors using Crunchbase data," Papers 2402.04765, arXiv.org, revised Feb 2024.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    2. Aldasoro, Iñaki & Gambacorta, Leonardo & Giudici, Paolo & Leach, Thomas, 2022. "The drivers of cyber risk," Journal of Financial Stability, Elsevier, vol. 60(C).
    3. Nadine Gatzert & Madeline Schubert, 2022. "Cyber risk management in the US banking and insurance industry: A textual and empirical analysis of determinants and value," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 89(3), pages 725-763, September.
    4. Iñaki Aldasoro & Leonardo Gambacorta & Paolo Giudici & Thomas Leach, 2020. "Operational and cyber risks in the financial sector," BIS Working Papers 840, Bank for International Settlements.
    5. Al-Amri, Khalid & Davydov, Yevgeniy, 2016. "Testing the effectiveness of ERM: Evidence from operational losses," Journal of Economics and Business, Elsevier, vol. 87(C), pages 70-82.
    6. Wang, Tawei & Hsu, Carol, 2013. "Board composition and operational risk events of financial institutions," Journal of Banking & Finance, Elsevier, vol. 37(6), pages 2042-2051.
    7. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    8. Ulrik Franke, 2020. "IT service outage cost: case study and implications for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 760-784, October.
    9. Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
    10. Xiaoying Xie & Charles Lee & Martin Eling, 2020. "Cyber insurance offering and performance: an analysis of the U.S. cyber insurance market," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 690-736, October.
    11. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    12. Ulrik Franke, 0. "IT service outage cost: case study and implications for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 0, pages 1-25.
    13. Shinichi Kamiya & Jun-Koo Kang & Jungmin Kim & Andreas Milidonis & René M. Stulz, 2018. "What is the Impact of Successful Cyberattacks on Target Firms?," NBER Working Papers 24409, National Bureau of Economic Research, Inc.
    14. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    15. Filippo Curti & W. Scott Frame & Atanas Mihov, 2022. "Are the Largest Banking Organizations Operationally More Risky?," Journal of Money, Credit and Banking, Blackwell Publishing, vol. 54(5), pages 1223-1259, August.
    16. David M. Pooser & Mark J. Browne & Oleksandra Arkhangelska, 2018. "Growth in the Perception of Cyber Risk: Evidence from U.S. P&C Insurers," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 208-223, April.
    17. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang, 2022. "Cyber Loss Model Risk Translates to Premium Mispricing and Risk Sensitivity," Papers 2202.10588, arXiv.org, revised Mar 2023.
    18. Sovan Mitra & Andreas Karathanasopoulos, 2019. "Firm Value and the Impact of Operational Management," Asia-Pacific Financial Markets, Springer;Japanese Association of Financial Economics and Engineering, vol. 26(1), pages 61-85, March.
    19. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    20. Eling, Martin & Wirfs, Jan Hendrik, 2016. "Cyber Risk: Too Big to Insure? Risk Transfer Options for a mercurial risk class," I.VW HSG Schriftenreihe, University of St.Gallen, Institute of Insurance Economics (I.VW-HSG), volume 59, number 59.

    More about this item

    Keywords

    Cybersecurity investment; Counter cybercrime; Risk reduction; Cyber insurance;

    JEL classification:

    • D82 - Microeconomics - - Information, Knowledge, and Uncertainty - - - Asymmetric and Private Information; Mechanism Design
    • G22 - Financial Economics - - Financial Institutions and Services - - - Insurance; Insurance Companies; Actuarial Studies
    • G38 - Financial Economics - - Corporate Finance and Governance - - - Government Policy and Regulation
    • L86 - Industrial Organization - - Industry Studies: Services - - - Information and Internet Services; Computer Software
