IDEAS home Printed from https://ideas.repec.org/a/pal/gpprii/v48y2023i2d10.1057_s41288-023-00289-7.html
   My bibliography  Save this article

Risk mitigation services in cyber insurance: optimal contract design and price structure

Author

Listed:
  • Gabriela Zeller

    (Technische Universität München)

  • Matthias Scherer

    (Technische Universität München)

Abstract

As the cyber insurance market is expanding and cyber insurance policies continue to mature, the potential of including pre-incident and post-incident services into cyber policies is being recognised by insurers and insurance buyers. This work addresses the question of how such services should be priced from the insurer’s viewpoint, i.e. under which conditions it is rational for a profit-maximising, risk-neutral or risk-averse insurer to share the costs of providing risk mitigation services. The interaction between insurance buyer and seller is modelled as a Stackelberg game, where both parties use distortion risk measures to model their individual risk aversion. After linking the notions of pre-incident and post-incident services to the concepts of self-protection and self-insurance, we show that when pricing a single contract, the insurer would always shift the full cost of self-protection services to the insured; however, this does not generally hold for the pricing of self-insurance services or when taking a portfolio viewpoint. We illustrate the latter statement using toy examples of risks with dependence mechanisms representative in the cyber context.

Suggested Citation

  • Gabriela Zeller & Matthias Scherer, 2023. "Risk mitigation services in cyber insurance: optimal contract design and price structure," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 502-547, April.
    • Handle: RePEc:pal:gpprii:v:48:y:2023:i:2:d:10.1057_s41288-023-00289-7
    DOI: 10.1057/s41288-023-00289-7
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41288-023-00289-7
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1057/s41288-023-00289-7?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Eling, Martin & Jung, Kwangmin, 2018. "Copula approaches for modeling cross-sectional dependence of data breach losses," Insurance: Mathematics and Economics, Elsevier, vol. 82(C), pages 167-180.
    2. Rogerson, William P, 1985. "The First-Order Approach to Principal-Agent Problems," Econometrica, Econometric Society, vol. 53(6), pages 1357-1367, November.
    3. Jewitt, Ian, 1988. "Justifying the First-Order Approach to Principal-Agent Problems," Econometrica, Econometric Society, vol. 56(5), pages 1177-1190, September.
    4. HOLMSTROM, Bengt, 1979. "Moral hazard and observability," LIDAM Reprints CORE 379, Université catholique de Louvain, Center for Operations Research and Econometrics (CORE).
    5. Fahrenwaldt, Matthias A. & Weber, Stefan & Weske, Kerstin, 2018. "Pricing Of Cyber Insurance Contracts In A Network Model," ASTIN Bulletin, Cambridge University Press, vol. 48(3), pages 1175-1218, September.
    6. Han Bleichrodt & Louis Eeckhoudt, 2006. "Willingness to pay for reductions in health risks when probabilities are distorted," Health Economics, John Wiley & Sons, Ltd., vol. 15(2), pages 211-214, February.
    7. Paul Embrechts & Haiyan Liu & Tiantian Mao & Ruodu Wang, 2017. "Quantile-Based Risk Sharing with Heterogeneous Beliefs," Swiss Finance Institute Research Paper Series 17-65, Swiss Finance Institute, revised Jan 2018.
    8. Wang, Shaun, 1996. "Premium Calculation by Transforming the Layer Premium Density," ASTIN Bulletin, Cambridge University Press, vol. 26(1), pages 71-92, May.
    9. Dionne, Georges & Eeckhoudt, Louis, 1985. "Self-insurance, self-protection and increased risk aversion," Economics Letters, Elsevier, vol. 17(1-2), pages 39-42.
    10. Fabio Bellini & Camilla Caperdoni, 2007. "Coherent Distortion Risk Measures and Higher-Order Stochastic Dominances," North American Actuarial Journal, Taylor & Francis Journals, vol. 11(2), pages 35-42.
    11. Chen, Lv & Shen, Yang & Su, Jianxi, 2020. "A continuous-time theory of reinsurance chains," Insurance: Mathematics and Economics, Elsevier, vol. 95(C), pages 129-146.
    12. Alessandro Mazzoccoli & Maurizio Naldi, 2020. "Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management," Risk Analysis, John Wiley & Sons, vol. 40(3), pages 550-564, March.
    13. Johanna Etner & Meglena Jeleva, 2013. "Risk Perception, Health Prevention and Diagnostic Test," Post-Print hal-01385815, HAL.
    14. Peter Christoffersen, 2004. "Backtesting Value-at-Risk: A Duration-Based Approach," Journal of Financial Econometrics, Oxford University Press, vol. 2(1), pages 84-108.
    15. Ziggel, Daniel & Berens, Tobias & Weiß, Gregor N.F. & Wied, Dominik, 2014. "A new set of improved Value-at-Risk backtests," Journal of Banking & Finance, Elsevier, vol. 48(C), pages 29-41.
    16. Kratz, Marie & Lok, Yen H. & McNeil, Alexander J., 2018. "Multinomial VaR backtests: A simple implicit approach to backtesting expected shortfall," Journal of Banking & Finance, Elsevier, vol. 88(C), pages 393-407.
    17. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    18. Ehrlich, Isaac & Becker, Gary S, 1972. "Market Insurance, Self-Insurance, and Self-Protection," Journal of Political Economy, University of Chicago Press, vol. 80(4), pages 623-648, July-Aug..
    19. Epstein, Larry G, 1980. "Decision Making and the Temporal Resolution of Uncertainty," International Economic Review, Department of Economics, University of Pennsylvania and Osaka University Institute of Social and Economic Research Association, vol. 21(2), pages 269-283, June.
    20. Wang, Shaun S. & Young, Virginia R. & Panjer, Harry H., 1997. "Axiomatic characterization of insurance prices," Insurance: Mathematics and Economics, Elsevier, vol. 21(2), pages 173-183, November.
    21. Peter Klibanoff & Massimo Marinacci & Sujoy Mukerji, 2005. "A Smooth Model of Decision Making under Ambiguity," Econometrica, Econometric Society, vol. 73(6), pages 1849-1892, November.
    22. Weber, Stefan, 2018. "Solvency II, or how to sweep the downside risk under the carpet," Insurance: Mathematics and Economics, Elsevier, vol. 82(C), pages 191-200.
    23. Tim J. Boonen & Ka Chun Cheung & Yiying Zhang, 2021. "Bowley reinsurance with asymmetric information on the insurer's risk preferences," Scandinavian Actuarial Journal, Taylor & Francis Journals, vol. 2021(7), pages 623-644, August.
    24. Cheung, Ka Chun & Yam, Sheung Chi Phillip & Zhang, Yiying, 2019. "Risk-adjusted Bowley reinsurance under distorted probabilities," Insurance: Mathematics and Economics, Elsevier, vol. 86(C), pages 64-72.
    25. Johanna Etner & Meglena Jeleva, 2013. "Risk Perception, Prevention And Diagnostic Tests," Health Economics, John Wiley & Sons, Ltd., vol. 22(2), pages 144-156, February.
    26. Tim J. Boonen & Yiying Zhang, 2022. "Bowley reinsurance with asymmetric information: a first-best solution," Scandinavian Actuarial Journal, Taylor & Francis Journals, vol. 2022(6), pages 532-551, July.
    27. Alessandro Mazzoccoli & Maurizio Naldi, 2021. "Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm," Risks, MDPI, vol. 9(1), pages 1-28, January.
    28. Philippe Artzner & Freddy Delbaen & Jean‐Marc Eber & David Heath, 1999. "Coherent Measures of Risk," Mathematical Finance, Wiley Blackwell, vol. 9(3), pages 203-228, July.
    29. Martin J. Osborne & Ariel Rubinstein, 1994. "A Course in Game Theory," MIT Press Books, The MIT Press, edition 1, volume 1, number 0262650401, December.
    30. Maochao Xu & Lei Hua, 2019. "Cybersecurity Insurance: Modeling and Pricing," North American Actuarial Journal, Taylor & Francis Journals, vol. 23(2), pages 220-249, April.
    31. Bai, Yanfei & Zhou, Zhongbao & Xiao, Helu & Gao, Rui & Zhong, Feimin, 2022. "A hybrid stochastic differential reinsurance and investment game with bounded memory," European Journal of Operational Research, Elsevier, vol. 296(2), pages 717-737.
    32. Ruodu Wang, 2016. "Regulatory arbitrage of risk measures," Quantitative Finance, Taylor & Francis Journals, vol. 16(3), pages 337-347, March.
    33. Young, Derek & Lopez, Juan & Rice, Mason & Ramsey, Benjamin & McTasney, Robert, 2016. "A framework for incorporating insurance in critical infrastructure cyber risk strategies," International Journal of Critical Infrastructure Protection, Elsevier, vol. 14(C), pages 43-57.
    34. Soren Bettels & Sojung Kim & Stefan Weber, 2022. "Multinomial Backtesting of Distortion Risk Measures," Papers 2201.06319, arXiv.org, revised Jan 2024.
    35. Bengt Holmstrom, 1979. "Moral Hazard and Observability," Bell Journal of Economics, The RAND Corporation, vol. 10(1), pages 74-91, Spring.
    36. Chen Peng & Maochao Xu & Shouhuai Xu & Taizhong Hu, 2018. "Modeling multivariate cybersecurity risks," Journal of Applied Statistics, Taylor & Francis Journals, vol. 45(15), pages 2718-2740, November.
    37. Lynn Wirch, Julia & Hardy, Mary R., 1999. "A synthesis of risk measures for capital adequacy," Insurance: Mathematics and Economics, Elsevier, vol. 25(3), pages 337-347, December.
    38. Susanne Emmer & Marie Kratz & Dirk Tasche, 2013. "What is the best risk measure in practice? A comparison of standard measures," Papers 1312.1645, arXiv.org, revised Apr 2015.
    39. Balbás, Alejandro & Balbás, Beatriz & Heras, Antonio, 2011. "Stable solutions for optimal reinsurance problems involving risk measures," European Journal of Operational Research, Elsevier, vol. 214(3), pages 796-804, November.
    40. Bensalem, Sarah & Santibáñez, Nicolás Hernández & Kazi-Tani, Nabil, 2020. "Prevention efforts, insurance demand and price incentives under coherent risk measures," Insurance: Mathematics and Economics, Elsevier, vol. 93(C), pages 369-386.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Soren Bettels & Sojung Kim & Stefan Weber, 2022. "Multinomial Backtesting of Distortion Risk Measures," Papers 2201.06319, arXiv.org, revised Jan 2024.
    2. Bensalem, Sarah & Santibáñez, Nicolás Hernández & Kazi-Tani, Nabil, 2020. "Prevention efforts, insurance demand and price incentives under coherent risk measures," Insurance: Mathematics and Economics, Elsevier, vol. 93(C), pages 369-386.
    3. Dionne, Georges & Harrington, Scott, 2017. "Insurance and Insurance Markets," Working Papers 17-2, HEC Montreal, Canada Research Chair in Risk Management.
    4. Sarah Bensalem & Nicolás Hernández Santibáñez & Nabil Kazi-Tani, 2019. "Prevention efforts, insurance demand and price incentives under coherent risk measures," Working Papers hal-01983433, HAL.
    5. Courbage, Christophe & Rey, Béatrice & Treich, Nicolas, 2013. "Prevention and precaution," TSE Working Papers 13-445, Toulouse School of Economics (TSE).
    6. Emmanuelle Augeraud-Véron & Marc Leandri, 2023. "Optimal self-protection and health risk perception: bridging the gap between risk theory and the Health Belief Model," Working Papers hal-04159826, HAL.
    7. Burzoni, Matteo & Munari, Cosimo & Wang, Ruodu, 2022. "Adjusted Expected Shortfall," Journal of Banking & Finance, Elsevier, vol. 134(C).
    8. Da, Gaofeng & Xu, Maochao & Zhao, Peng, 2021. "Multivariate dependence among cyber risks based on L-hop propagation," Insurance: Mathematics and Economics, Elsevier, vol. 101(PB), pages 525-546.
    9. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    10. Sarah Bensalem, 2020. "Self-insurance and Non-concave Distortion Risk Measures," Working Papers hal-02936349, HAL.
    11. Han Bleichrodt, 2022. "The prevention puzzle," The Geneva Risk and Insurance Review, Palgrave Macmillan;International Association for the Study of Insurance Economics (The Geneva Association), vol. 47(2), pages 277-297, September.
    12. Matteo Burzoni & Cosimo Munari & Ruodu Wang, 2020. "Adjusted Expected Shortfall," Papers 2007.08829, arXiv.org, revised Aug 2021.
    13. Marcelo Bianconi, 2004. "Aggregate and Idiosyncratic Risk and the Behavior of Individual Preferences under Moral Hazard," Discussion Papers Series, Department of Economics, Tufts University 0410, Department of Economics, Tufts University.
    14. Goldzahl, Léontine, 2017. "Contributions of risk preference, time orientation and perceptions to breast cancer screening regularity," Social Science & Medicine, Elsevier, vol. 185(C), pages 147-157.
    15. Christian Gollier & James Hammitt & Nicolas Treich, 2013. "Risk and choice: A research saga," Journal of Risk and Uncertainty, Springer, vol. 47(2), pages 129-145, October.
    16. Clausen, Andrew, 2013. "Moral Hazard with Counterfeit Signals," SIRE Discussion Papers 2013-13, Scottish Institute for Research in Economics (SIRE).
    17. Schumacher Johannes M., 2018. "Distortion risk measures, ROC curves, and distortion divergence," Statistics & Risk Modeling, De Gruyter, vol. 35(1-2), pages 35-50, January.
    18. Santos, Joao C., 1997. "Debt and equity as optimal contracts," Journal of Corporate Finance, Elsevier, vol. 3(4), pages 355-366, December.
    19. Lazar, Emese & Zhang, Ning, 2019. "Model risk of expected shortfall," Journal of Banking & Finance, Elsevier, vol. 105(C), pages 74-93.
    20. Martin Byford, 2003. "Moral Hazard From Costless Hidden Actions," Working Papers 2003.03, School of Economics, La Trobe University.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:gpprii:v:48:y:2023:i:2:d:10.1057_s41288-023-00289-7. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.palgrave-journals.com/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.