IDEAS home Printed from https://ideas.repec.org/a/pal/gpprii/v43y2018i2d10.1057_s41288-018-0078-3.html
   My bibliography  Save this article

Reducing Informational Disadvantages to Improve Cyber Risk Management†

Author

Listed:
  • Sachin Shetty

    (Old Dominion University)

  • Michael McShane

    (Old Dominion University)

  • Linfeng Zhang

    (University of Illinois at Urbana-Champaign)

  • Jay P. Kesan

    (University of Illinois at Urbana-Champaign)

  • Charles A. Kamhoua

    (Air Force Research Lab)

  • Kevin Kwiat

    (Air Force Research Lab)

  • Laurent L. Njilla

    (Air Force Research Lab)

Abstract

Effective cyber risk management should include the use of insurance not only to transfer cyber risk but also to provide incentives for insured enterprises to invest in cyber self-protection. Research indicates that asymmetric information, correlated loss, and interdependent security issues make this difficult if insurers cannot monitor the cybersecurity efforts of the insured enterprises. To address this problem, this paper proposes the Cyber Risk Scoring and Mitigation (CRISM) tool, which estimates cyberattack probabilities by directly monitoring and scoring cyber risk based on assets at risk and continuously updated software vulnerabilities. CRISM also produces risk scores that allow organisations to optimally choose mitigation policies that can potentially reduce insurance premiums.

Suggested Citation

  • Sachin Shetty & Michael McShane & Linfeng Zhang & Jay P. Kesan & Charles A. Kamhoua & Kevin Kwiat & Laurent L. Njilla, 2018. "Reducing Informational Disadvantages to Improve Cyber Risk Management†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 224-238, April.
    • Handle: RePEc:pal:gpprii:v:43:y:2018:i:2:d:10.1057_s41288-018-0078-3
    DOI: 10.1057/s41288-018-0078-3
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41288-018-0078-3
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1057/s41288-018-0078-3?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Jay Kesan & Rupterto Majuca & William Yurcik, "undated". "The Economic Case for Cyberinsurance," University of Illinois Legal Working Paper Series uiuclwps-1001, University of Illinois College of Law.
    2. Ehrlich, Isaac & Becker, Gary S, 1972. "Market Insurance, Self-Insurance, and Self-Protection," Journal of Political Economy, University of Chicago Press, vol. 80(4), pages 623-648, July-Aug..
    3. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    2. Moti Zwilling, 2022. "Trends and Challenges Regarding Cyber Risk Mitigation by CISOs—A Systematic Literature and Experts’ Opinion Review Based on Text Analytics," Sustainability, MDPI, vol. 14(3), pages 1-29, January.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Eling, Martin & Wirfs, Jan Hendrik, 2016. "Cyber Risk: Too Big to Insure? Risk Transfer Options for a mercurial risk class," I.VW HSG Schriftenreihe, University of St.Gallen, Institute of Insurance Economics (I.VW-HSG), volume 59, number 59.
    2. Goldzahl, Léontine, 2017. "Contributions of risk preference, time orientation and perceptions to breast cancer screening regularity," Social Science & Medicine, Elsevier, vol. 185(C), pages 147-157.
    3. M.-C. Fagart & B. Kambia-Chopin, 2002. "Aléa moral et sélection adverse sur le marché de l’assurance," THEMA Working Papers 2002-09, THEMA (THéorie Economique, Modélisation et Applications), Université de Cergy-Pontoise.
    4. Christian Gollier & James Hammitt & Nicolas Treich, 2013. "Risk and choice: A research saga," Journal of Risk and Uncertainty, Springer, vol. 47(2), pages 129-145, October.
    5. Allen, W. David, 2013. "Self-protection against crime victimization: Theory and evidence from university campuses," International Review of Law and Economics, Elsevier, vol. 34(C), pages 21-33.
    6. Michael Grimm & Carole Treibich, 2013. "Why Do Some Bikers Wear a Helmet and Others Don't? Evidence from Delhi, India," AMSE Working Papers 1348, Aix-Marseille School of Economics, France, revised 10 Oct 2013.
    7. Heyes, Anthony & Rickman, Neil & Tzavara, Dionisia, 2004. "Legal expenses insurance, risk aversion and litigation," International Review of Law and Economics, Elsevier, vol. 24(1), pages 107-119, March.
    8. Agarwal, Sumit & Satyanarain, Rengarajan & Sing, Tien Foo & Vollmer, Derek, 2016. "Effects of construction activities on residential electricity consumption: Evidence from Singapore's public housing estates," Energy Economics, Elsevier, vol. 55(C), pages 101-111.
    9. Ehrlich, Isaac & Yin, Yong, 2018. "The problem of the uninsured," Research in Economics, Elsevier, vol. 72(1), pages 147-168.
    10. Lorilee A. Medders & Charles M. Nyce & J. Bradley Karl, 2014. "Market Implications of Public Policy Interventions: The Case of Florida's Property Insurance Market," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 17(2), pages 183-214, September.
    11. Bruno Biais & Florian Heider & Marie Hoerova, 2012. "Clearing, Counterparty Risk, and Aggregate Risk," IMF Economic Review, Palgrave Macmillan;International Monetary Fund, vol. 60(2), pages 193-222, July.
    12. Peter Zweifel, 2006. "Auftrag und Grenzen der Sozialen Krankenversicherung," Perspektiven der Wirtschaftspolitik, Verein für Socialpolitik, vol. 7(s1), pages 5-26, May.
    13. Zhang, Bo & Zhou, Peng, 2021. "Financial development and economic growth in a microfounded small open economy model," The North American Journal of Economics and Finance, Elsevier, vol. 58(C).
    14. Marco Modica & Roberto Zoboli & Fabrizio Meroni & Vera Pessina & Thea Squarcina & Mario Locati, 2021. "‘Near miss’ housing market response to the 2012 northern Italy earthquake: The role of housing quality and risk perception," Urban Studies, Urban Studies Journal Limited, vol. 58(11), pages 2293-2309, August.
    15. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    16. Deana GROBE & Robin DOUTHITT & Lydia ZEPEDA, 1997. "CONSUMER RISK PERCEPTION PROFILES FOR THE FOOD-RELATED BIOTECHNOLOGY, RECOMBINANT BOVINE GROWTH HORMONE (rbGH)," Department of Resource Economics Regional Research Project 9613, University of Massachusetts.
    17. Michael Magill & Martine Quinzii, 2009. "The probability approach to general equilibrium with production," Economic Theory, Springer;Society for the Advancement of Economic Theory (SAET), vol. 39(1), pages 1-41, April.
    18. Courbage, Christophe & Rey, Béatrice, 2012. "Optimal prevention and other risks in a two-period model," Mathematical Social Sciences, Elsevier, vol. 63(3), pages 213-217.
    19. Carpentier, A. & Reboud, X., 2018. "Why farmers consider pesticides the ultimate in crop protection: economic and behavioral insights," 2018 Conference, July 28-August 2, 2018, Vancouver, British Columbia 277528, International Association of Agricultural Economists.
    20. Ulrik Franke, 2020. "IT service outage cost: case study and implications for cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 760-784, October.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:gpprii:v:43:y:2018:i:2:d:10.1057_s41288-018-0078-3. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.palgrave-journals.com/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.