IDEAS home Printed from https://ideas.repec.org/p/arx/papers/2211.04762.html
   My bibliography  Save this paper

Building Resilience in Cybersecurity -- An Artificial Lab Approach

Author

Listed:
  • Kerstin Awiszus
  • Yannick Bell
  • Jan Luttringhaus
  • Gregor Svindland
  • Alexander Vo{ss}
  • Stefan Weber

Abstract

Based on classical contagion models we introduce an artificial cyber lab: the digital twin of a complex cyber system in which possible cyber resilience measures may be implemented and tested. Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators. Moreover, from an insurance point of view, we provide first attempts to design systemic cyber risk obligations and to measure the systemic risk contribution of individual policyholders.

Suggested Citation

  • Kerstin Awiszus & Yannick Bell & Jan Luttringhaus & Gregor Svindland & Alexander Vo{ss} & Stefan Weber, 2022. "Building Resilience in Cybersecurity -- An Artificial Lab Approach," Papers 2211.04762, arXiv.org, revised Sep 2023.
    • Handle: RePEc:arx:papers:2211.04762
    as

    Download full text from publisher

    File URL: http://arxiv.org/pdf/2211.04762
    File Function: Latest version
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Trey Herr, 2021. "Cyber insurance and private governance: The enforcement power of markets," Regulation & Governance, John Wiley & Sons, vol. 15(1), pages 98-114, January.
    2. Louise Marie Hurel & Luisa Cruz Lobato, 2018. "Unpacking cyber norms: private companies as norm entrepreneurs," Journal of Cyber Policy, Taylor & Francis Journals, vol. 3(1), pages 61-76, January.
    3. Fahrenwaldt, Matthias A. & Weber, Stefan & Weske, Kerstin, 2018. "Pricing Of Cyber Insurance Contracts In A Network Model," ASTIN Bulletin, Cambridge University Press, vol. 48(3), pages 1175-1218, September.
    4. Hurel Silva Dias, Louise & Lobato, Luisa Cruz, 2018. "Unpacking cyber norms: private companies as norm entrepreneurs," LSE Research Online Documents on Economics 115525, London School of Economics and Political Science, LSE Library.
    5. Maochao Xu & Lei Hua, 2019. "Cybersecurity Insurance: Modeling and Pricing," North American Actuarial Journal, Taylor & Francis Journals, vol. 23(2), pages 220-249, April.
    6. Kerstin Awiszus & Thomas Knispel & Irina Penner & Gregor Svindland & Alexander Vo{ss} & Stefan Weber, 2022. "Modeling and Pricing Cyber Insurance -- Idiosyncratic, Systematic, and Systemic Risks," Papers 2209.07415, arXiv.org, revised Dec 2022.
    7. Jan Martin Lemnitzer, 2021. "Why cybersecurity insurance should be regulated and compulsory," Journal of Cyber Policy, Taylor & Francis Journals, vol. 6(2), pages 118-136, May.
    8. Yeftanus Antonio & Sapto Wahyu Indratno & Rinovia Simanjuntak, 2021. "Cyber Insurance Ratemaking: A Graph Mining Approach," Risks, MDPI, vol. 9(12), pages 1-34, December.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Gabriela Zeller & Matthias Scherer, 2023. "Risk mitigation services in cyber insurance: optimal contract design and price structure," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 502-547, April.
    2. Yeftanus Antonio & Sapto Wahyu Indratno & Rinovia Simanjuntak, 2021. "Cyber Insurance Ratemaking: A Graph Mining Approach," Risks, MDPI, vol. 9(12), pages 1-34, December.
    3. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    4. Zhang, Xiaoyu & Xu, Maochao & Su, Jianxi & Zhao, Peng, 2023. "Structural models for fog computing based internet of things architectures with insurance and risk management applications," European Journal of Operational Research, Elsevier, vol. 305(3), pages 1273-1291.
    5. Da, Gaofeng & Xu, Maochao & Zhao, Peng, 2021. "Multivariate dependence among cyber risks based on L-hop propagation," Insurance: Mathematics and Economics, Elsevier, vol. 101(PB), pages 525-546.
    6. Tobias Liebetrau & Linda Monsees, 2023. "Assembling Publics: Microsoft, Cybersecurity, and Public‐Private Relations," Politics and Governance, Cogitatio Press, vol. 11(3), pages 157-167.
    7. Jevtić, Petar & Lanchier, Nicolas, 2020. "Dynamic structural percolation model of loss distribution for cyber risk of small and medium-sized enterprises for tree-based LAN topology," Insurance: Mathematics and Economics, Elsevier, vol. 91(C), pages 209-223.
    8. Yeftanus Antonio & Sapto Wahyu Indratno & Suhadi Wido Saputro, 2021. "Pricing of cyber insurance premiums using a Markov-based dynamic model with clustering structure," PLOS ONE, Public Library of Science, vol. 16(10), pages 1-28, October.
    9. Caroline Hillairet & Olivier Lopez & Louise d'Oultremont & Brieuc Spoorenberg, 2022. "Cyber contagion: impact of the network structure on the losses of an insurance portfolio," Post-Print hal-03388840, HAL.
    10. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    11. Caroline Hillairet & Olivier Lopez & Louise d'Oultremont & Brieuc Spoorenberg, 2021. "Cyber contagion: impact of the network structure on the losses of an insurance portfolio," Working Papers hal-03388840, HAL.
    12. Farkas, Sébastien & Lopez, Olivier & Thomas, Maud, 2021. "Cyber claim analysis using Generalized Pareto regression trees with applications to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 98(C), pages 92-105.
    13. Levinson, Nanette S., 2021. "Idea entrepreneurs: The United Nations Open-Ended Working Group & cybersecurity," Telecommunications Policy, Elsevier, vol. 45(6).
    14. Michel Dacorogna & Marie Kratz, 2022. "Special Issue “Cyber Risk and Security”," Risks, MDPI, vol. 10(6), pages 1-4, May.
    15. Radu, Roxana & Kettemann, Matthias C. & Meyer, Trisha & Shahin, Jamal, 2021. "Normfare: Norm entrepreneurship in internet governance," Telecommunications Policy, Elsevier, vol. 45(6).
    16. Olivier Lopez & Caroline Hillairet, 2021. "Propagation of cyber incidents in an insurance portfolio: counting processes combined with compartmental epidemiological models," Post-Print hal-02564462, HAL.
    17. Hillairet, Caroline & Lopez, Olivier & d'Oultremont, Louise & Spoorenberg, Brieuc, 2022. "Cyber-contagion model with network structure applied to insurance," Insurance: Mathematics and Economics, Elsevier, vol. 107(C), pages 88-101.
    18. Daniel W. Woods & Jessica Weinkle, 2020. "Insurance definitions of cyber war," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 639-656, October.
    19. Zhang, Xiaoyu & Xu, Maochao & Da, Gaofeng & Zhao, Peng, 2021. "Ensuring confidentiality and availability of sensitive data over a network system under cyber threats," Reliability Engineering and System Safety, Elsevier, vol. 214(C).
    20. Ma, Boyuan & Chu, Tingjin & Jin, Zhuo, 2022. "Frequency and severity estimation of cyber attacks using spatial clustering analysis," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 33-45.

    More about this item

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:arx:papers:2211.04762. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: arXiv administrators (email available below). General contact details of provider: http://arxiv.org/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.