IDEAS home Printed from https://ideas.repec.org/a/wly/riskan/v40y2020i3p550-564.html
   My bibliography  Save this article

Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management

Author

Listed:
  • Alessandro Mazzoccoli
  • Maurizio Naldi

Abstract

An integrated risk management strategy, combining insurance and security investments, where the latter contribute to reduce the insurance premium, is investigated to assess whether it can lead to reduced overall security expenses. The optimal investment for this mixed strategy is derived under three insurance policies, covering, respectively, all the losses (total coverage), just those below the limit of maximum liability (partial coverage), and those above a threshold but below the maximum liability (partial coverage with deductibles). Under certain conditions (e.g., low potential loss, or either very low or very high vulnerability), the mixed strategy reverts however to insurance alone, because investments do not provide an additional benefit. When the mixed strategy is the best choice, the dominant component in the overall security expenses is the insurance premium in most cases. Optimal investment decisions require an accurate estimate of the vulnerability, whereas larger estimation errors may be tolerated for the investment‐effectiveness coefficient.

Suggested Citation

  • Alessandro Mazzoccoli & Maurizio Naldi, 2020. "Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management," Risk Analysis, John Wiley & Sons, vol. 40(3), pages 550-564, March.
    • Handle: RePEc:wly:riskan:v:40:y:2020:i:3:p:550-564
    DOI: 10.1111/risa.13416
    as

    Download full text from publisher

    File URL: https://doi.org/10.1111/risa.13416
    Download Restriction: no
    File URL: https://libkey.io/10.1111/risa.13416?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Huang, C. Derrick & Behara, Ravi S., 2013. "Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints," International Journal of Production Economics, Elsevier, vol. 141(1), pages 255-268.
    2. Levitin, Gregory & Xing, Liudong & Dai, Yuanshun, 2018. "Co-residence based data vulnerability vs. security in cloud computing system with random server assignment," European Journal of Operational Research, Elsevier, vol. 267(2), pages 676-686.
    3. Maurizio Naldi & Marta Flamini & Giuseppe D’Acquisto, 2018. "Negligence and sanctions in information security investments in a cloud environment," Electronic Markets, Springer;IIM University of St. Gallen, vol. 28(1), pages 39-52, February.
    4. Jay Kesan & Rupterto Majuca & William Yurcik, "undated". "The Economic Case for Cyberinsurance," University of Illinois Legal Working Paper Series uiuclwps-1001, University of Illinois College of Law.
    5. Eling, Martin & Wirfs, Jan, 2019. "What are the actual costs of cyber risk events?," European Journal of Operational Research, Elsevier, vol. 272(3), pages 1109-1119.
    6. Grzegorz Strupczewski, 2018. "Current state of the cyber insurance market," Proceedings of Economics and Finance Conferences 6910062, International Institute of Social and Economic Sciences.
    7. Ouyang, Min, 2017. "A mathematical framework to optimize resilience of interdependent critical infrastructure systems under spatially localized attacks," European Journal of Operational Research, Elsevier, vol. 262(3), pages 1072-1084.
    8. Young, Derek & Lopez, Juan & Rice, Mason & Ramsey, Benjamin & McTasney, Robert, 2016. "A framework for incorporating insurance in critical infrastructure cyber risk strategies," International Journal of Critical Infrastructure Protection, Elsevier, vol. 14(C), pages 43-57.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    2. Loretta Mastroeni & Alessandro Mazzoccoli & Maurizio Naldi, 2022. "Pricing Cat Bonds for Cloud Service Failures," JRFM, MDPI, vol. 15(10), pages 1-18, October.
    3. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    4. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    5. Mastroeni, Loretta & Mazzoccoli, Alessandro & Vellucci, Pierluigi, 2024. "Studying the impact of fluctuations, spikes and rare events in time series through a wavelet entropy predictability measure," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 641(C).
    6. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    7. Gabriela Zeller & Matthias Scherer, 2023. "Risk mitigation services in cyber insurance: optimal contract design and price structure," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 502-547, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Alessandro Mazzoccoli & Maurizio Naldi, 2021. "Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm," Risks, MDPI, vol. 9(1), pages 1-28, January.
    2. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    3. Gabriela Zeller & Matthias Scherer, 2023. "Risk mitigation services in cyber insurance: optimal contract design and price structure," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 502-547, April.
    4. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    5. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    6. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    7. Levitin, Gregory & Xing, Liudong & Xiang, Yanping, 2020. "Optimization of time constrained N-version programming service components with competing task execution and version corruption processes," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    8. Pavel V. Shevchenko & Jiwook Jang & Matteo Malavasi & Gareth W. Peters & Georgy Sofronov & Stefan Truck, 2022. "The Nature of Losses from Cyber-Related Events: Risk Categories and Business Sectors," Papers 2202.10189, arXiv.org, revised Mar 2022.
    9. Hao, Yucheng & Jia, Limin & Zio, Enrico & Wang, Yanhui & Small, Michael & Li, Man, 2023. "Improving resilience of high-speed train by optimizing repair strategies," Reliability Engineering and System Safety, Elsevier, vol. 237(C).
    10. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    11. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    12. Hayes, Darren R. & Cappa, Francesco, 2018. "Open-source intelligence for risk assessment," Business Horizons, Elsevier, vol. 61(5), pages 689-697.
    13. Daniel Schatz & Rabih Bashroush, 0. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    14. Suyuan Luo & Tsan‐Ming Choi, 2022. "E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?," Production and Operations Management, Production and Operations Management Society, vol. 31(5), pages 2107-2126, May.
    15. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    16. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    17. Xiaoge Zhang & Sankaran Mahadevan & Kai Goebel, 2019. "Network Reconfiguration for Increasing Transportation System Resilience Under Extreme Events," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 2054-2075, September.
    18. Mohammed M. Al-Humaiqani & Sami G. Al-Ghamdi, 2023. "Assessing the Built Environment’s Reflectivity, Flexibility, Resourcefulness, and Rapidity Resilience Qualities against Climate Change Impacts from the Perspective of Different Stakeholders," Sustainability, MDPI, vol. 15(6), pages 1-30, March.
    19. Li, Yapeng & Qiao, Shun & Deng, Ye & Wu, Jun, 2019. "Stackelberg game in critical infrastructures from a network science perspective," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 521(C), pages 705-714.
    20. Dui, Hongyan & Lu, Yaohui & Chen, Liwei, 2024. "Importance-based system cost management and failure risk analysis for different phases in life cycle," Reliability Engineering and System Safety, Elsevier, vol. 242(C).

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wly:riskan:v:40:y:2020:i:3:p:550-564. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wiley Content Delivery (email available below). General contact details of provider: https://doi.org/10.1111/(ISSN)1539-6924 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.