Printed from https://ideas.repec.org/a/pal/gpprii/v43y2018i2d10.1057_s41288-018-0078-3.html

Reducing Informational Disadvantages to Improve Cyber Risk Management†

Author

Listed:
  • Sachin Shetty

    (Old Dominion University)

  • Michael McShane

    (Old Dominion University)

  • Linfeng Zhang

    (University of Illinois at Urbana-Champaign)

  • Jay P. Kesan

    (University of Illinois at Urbana-Champaign)

  • Charles A. Kamhoua

    (Air Force Research Lab)

  • Kevin Kwiat

    (Air Force Research Lab)

  • Laurent L. Njilla

    (Air Force Research Lab)

Abstract

Effective cyber risk management should include the use of insurance not only to transfer cyber risk but also to provide incentives for insured enterprises to invest in cyber self-protection. Research indicates that asymmetric information, correlated loss, and interdependent security issues make this difficult if insurers cannot monitor the cybersecurity efforts of the insured enterprises. To address this problem, this paper proposes the Cyber Risk Scoring and Mitigation (CRISM) tool, which estimates cyberattack probabilities by directly monitoring and scoring cyber risk based on assets at risk and continuously updated software vulnerabilities. CRISM also produces risk scores that allow organisations to optimally choose mitigation policies that can potentially reduce insurance premiums.

Suggested Citation

  • Sachin Shetty & Michael McShane & Linfeng Zhang & Jay P. Kesan & Charles A. Kamhoua & Kevin Kwiat & Laurent L. Njilla, 2018. "Reducing Informational Disadvantages to Improve Cyber Risk Management†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 224-238, April.
  • Handle: RePEc:pal:gpprii:v:43:y:2018:i:2:d:10.1057_s41288-018-0078-3
    DOI: 10.1057/s41288-018-0078-3

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41288-018-0078-3
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.

    References listed on IDEAS

    1. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    2. Jay Kesan & Ruperto Majuca & William Yurcik, "undated". "The Economic Case for Cyberinsurance," University of Illinois Legal Working Paper Series uiuclwps-1001, University of Illinois College of Law.
    3. Ehrlich, Isaac & Becker, Gary S, 1972. "Market Insurance, Self-Insurance, and Self-Protection," Journal of Political Economy, University of Chicago Press, vol. 80(4), pages 623-648, July-Aug.

    Citations

    Cited by:

    1. Zängerle, Daniel & Schiereck, Dirk, 2022. "Modelling and predicting enterprise‑level cyber risks in the context of sparse data availability," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 136276, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
    2. Moti Zwilling, 2022. "Trends and Challenges Regarding Cyber Risk Mitigation by CISOs—A Systematic Literature and Experts’ Opinion Review Based on Text Analytics," Sustainability, MDPI, vol. 14(3), pages 1-29, January.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Eling, Martin & Wirfs, Jan Hendrik, 2016. "Cyber Risk: Too Big to Insure? Risk Transfer Options for a mercurial risk class," I.VW HSG Schriftenreihe, University of St.Gallen, Institute of Insurance Economics (I.VW-HSG), volume 59, number 59.
    2. Aaron J. Enriquez & Kevin Berry & Maria Fernandez & Nichar Gregory & Kacey C. Ernst & Mary H. Hayden & Maria Diuk-Wasser, 2025. "Simple Stated Preference Questions Can Enhance Transdisciplinary Projects: Linking Perceived Risks With Willingness to Spray and Pay," Environmental & Resource Economics, Springer;European Association of Environmental and Resource Economists, vol. 88(1), pages 81-124, January.
    3. Eduardo Borensztein & Eduardo Cavallo & Patricio Valenzuela, 2009. "Debt Sustainability Under Catastrophic Risk: The Case for Government Budget Insurance," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 12(2), pages 273-294, September.
    4. Gaurav, Sarthak, 2015. "Are Rainfed Agricultural Households Insured? Evidence from Five Villages in Vidarbha, India," World Development, Elsevier, vol. 66(C), pages 719-736.
    5. Martin Boyer & Martin Eling, 2023. "New advances on cyber risk and cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 267-274, April.
    6. Goldzahl, Léontine, 2017. "Contributions of risk preference, time orientation and perceptions to breast cancer screening regularity," Social Science & Medicine, Elsevier, vol. 185(C), pages 147-157.
    7. M.-C. Fagart & B. Kambia-Chopin, 2002. "Aléa moral et sélection adverse sur le marché de l’assurance," THEMA Working Papers 2002-09, THEMA (THéorie Economique, Modélisation et Applications), Université de Cergy-Pontoise.
    8. Véronique Flambard & Fabrice Le Lec & Rustam Romaniuc, 2024. "An experimental comparison of contributions in collective prevention games and public goods games," Economic Inquiry, Western Economic Association International, vol. 62(4), pages 1598-1617, October.
    9. repec:ipg:wpaper:23 is not listed on IDEAS
    10. Derrick Huang, C. & Hu, Qing & Behara, Ravi S., 2008. "An economic analysis of the optimal information security investment in the case of a risk-averse firm," International Journal of Production Economics, Elsevier, vol. 114(2), pages 793-804, August.
    11. Christian Gollier & James Hammitt & Nicolas Treich, 2013. "Risk and choice: A research saga," Journal of Risk and Uncertainty, Springer, vol. 47(2), pages 129-145, October.
    12. Allen, W. David, 2013. "Self-protection against crime victimization: Theory and evidence from university campuses," International Review of Law and Economics, Elsevier, vol. 34(C), pages 21-33.
    13. Michael Grimm & Carole Treibich, 2013. "Why Do Some Bikers Wear a Helmet and Others Don't? Evidence from Delhi, India," AMSE Working Papers 1348, Aix-Marseille School of Economics, France, revised 10 Oct 2013.
    14. Patrice Loisel & Marielle Brunette & Stéphane Couture, 2020. "Insurance and Forest Rotation Decisions Under Storm Risk," Environmental & Resource Economics, Springer;European Association of Environmental and Resource Economists, vol. 76(2), pages 347-367, July.
    15. Alan M. Garber & Charles E. Phelps, 1992. "Economic Foundations of Cost Effective Analysis," NBER Working Papers 4164, National Bureau of Economic Research, Inc.
    16. Timothy F. Harris & Aaron Yelowitz, 2018. "Racial disparities in life insurance coverage," Applied Economics, Taylor & Francis Journals, vol. 50(1), pages 94-107, January.
    17. Heyes, Anthony & Rickman, Neil & Tzavara, Dionisia, 2004. "Legal expenses insurance, risk aversion and litigation," International Review of Law and Economics, Elsevier, vol. 24(1), pages 107-119, March.
    18. Frame, David E., 2001. "Insurance and Community Welfare," Journal of Urban Economics, Elsevier, vol. 49(2), pages 267-284, March.
    19. Dionne, Georges & Harrington, Scott, 2017. "Insurance and Insurance Markets," Working Papers 17-2, HEC Montreal, Canada Research Chair in Risk Management.
    20. Malavasi, Matteo & Peters, Gareth W. & Shevchenko, Pavel V. & Trück, Stefan & Jang, Jiwook & Sofronov, Georgy, 2022. "Cyber risk frequency, severity and insurance viability," Insurance: Mathematics and Economics, Elsevier, vol. 106(C), pages 90-114.
    21. Gareth W. Peters & Matteo Malavasi & Georgy Sofronov & Pavel V. Shevchenko & Stefan Trück & Jiwook Jang, 2023. "Cyber loss model risk translates to premium mispricing and risk sensitivity," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 372-433, April.
