IDEAS home Printed from https://ideas.repec.org/p/net/wpaper/1618.html
   My bibliography  Save this paper

Attack-Aware Cyber Insurance of Interdependent Computer Networks

Author

Listed:
  • Rui Zhang

    (Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University, USA)

  • Quanyan Zhu

    (Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University, USA)

Abstract

Cyber insurance is a valuable approach to mitigate further the cyber risk and its loss in addition to the deployment of technological cyber defense solutions such as intrusion detection systems and firewalls. An effective cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To study cyber insurance in a holistic manner, we first establish a bi-level game-theoretic model that nests a zero-sum game in a moral-hazard type of principal-agent game to capture complex interactions between a user, an attacker, and the insurer. The game framework provides an integrative view of the cyber insurance and enables a systematic design of incentive compatible and attack-aware insurance policy. The framework is further extended to study a network of users and their risk interdependencies. We completely characterize the equilibrium solutions of the bi-level game. Our analytical results provide a fundamental limit on insurability, predict the Peltzman effect, and reveal the principles of zero operating profit and the linear insurance policy of the insurer. We provide analytical results and numerical experiments to corroborate the analytical results and demonstrate the network effects as a result of the strategic interactions among three types of players.

Suggested Citation

  • Rui Zhang & Quanyan Zhu, 2016. "Attack-Aware Cyber Insurance of Interdependent Computer Networks," Working Papers 16-18, NET Institute.
  • Handle: RePEc:net:wpaper:1618
    as

    Download full text from publisher

    File URL: http://www.netinst.org/Zhu_16-18.pdf
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Peter Christoffersen, 2004. "Backtesting Value-at-Risk: A Duration-Based Approach," Journal of Financial Econometrics, Oxford University Press, vol. 2(1), pages 84-108.
    2. Acemoglu, Daron & Malekian, Azarakhsh & Ozdaglar, Asu, 2016. "Network security and contagion," Journal of Economic Theory, Elsevier, vol. 166(C), pages 536-585.
    3. Bengt Holmstrom, 1982. "Moral Hazard in Teams," Bell Journal of Economics, The RAND Corporation, vol. 13(2), pages 324-340, Autumn.
    4. Maxim Finkelstein, 2008. "Failure Rate Modelling for Reliability and Risk," Springer Series in Reliability Engineering, Springer, number 978-1-84800-986-8, February.
    5. Peltzman, Sam, 1975. "The Effects of Automobile Safety Regulation," Journal of Political Economy, University of Chicago Press, vol. 83(4), pages 677-725, August.
    6. Steven Shavell, 1979. "On Moral Hazard and Insurance," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 93(4), pages 541-562.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Hoy, Michael & Polborn, Mattias K., 2015. "The value of technology improvements in games with externalities: A fresh look at offsetting behavior," Journal of Public Economics, Elsevier, vol. 131(C), pages 12-20.
    2. Jean Pinquet & Georges Dionne & Charles Vanasse & Mathieu Maurice, 2007. "Point-record incentives, asymmetric information and dynamic data," Working Papers hal-00243056, HAL.
    3. Lakdawalla, Darius & Zanjani, George, 2005. "Insurance, self-protection, and the economics of terrorism," Journal of Public Economics, Elsevier, vol. 89(9-10), pages 1891-1905, September.
    4. Cohen, Alma & Dehejia, Rajeev, 2004. "The Effect of Automobile Insurance and Accident Liability Laws on Traffic Fatalities," Journal of Law and Economics, University of Chicago Press, vol. 47(2), pages 357-393, October.
    5. Dionne, Georges & Michaud, Pierre-Carl & Pinquet, Jean, 2013. "A review of recent theoretical and empirical analyses of asymmetric information in road safety and automobile insurance," Research in Transportation Economics, Elsevier, vol. 43(1), pages 85-97.
    6. repec:ipf:psejou:v:42:y:2018:i:42:p:45-65 is not listed on IDEAS
    7. Asiri, Mohammed & Al-Hadi, Ahmed & Taylor, Grantley & Duong, Lien, 2020. "Is corporate tax avoidance associated with investment efficiency?," The North American Journal of Economics and Finance, Elsevier, vol. 52(C).
    8. Dionne, Georges, 2012. "The empirical measure of information problems with emphasis on insurance fraud and dynamic data," Working Papers 12-10, HEC Montreal, Canada Research Chair in Risk Management.
    9. Daron Acemoglu & Ali Makhdoumi & Azarakhsh Malekian & Asuman Ozdaglar, 2024. "Testing, Voluntary Social Distancing, and the Spread of an Infection," Operations Research, INFORMS, vol. 72(2), pages 533-548, March.
    10. M. Kate Bundorf & Jill DeMatteis & Grant Miller & Maria Polyakova & Jialu L. Streeter & Jonathan Wivagg, 2021. "Risk Perceptions and Protective Behaviors: Evidence from COVID-19 Pandemic," NBER Working Papers 28741, National Bureau of Economic Research, Inc.
    11. Dasaratha, Krishna, 2023. "Virus dynamics with behavioral responses," Journal of Economic Theory, Elsevier, vol. 214(C).
    12. Adriani, Fabrizio & Ladley, Dan, 2021. "Social distance, speed of containment and crowding in/out in a network model of contagion," Journal of Economic Behavior & Organization, Elsevier, vol. 190(C), pages 597-625.
    13. Pavel A. Yakovlev & Christina M. Orr-Magulick, 2018. "On the road again: traffic fatalities and auto insurance minimums," Public Sector Economics, Institute of Public Finance, vol. 42(1), pages 45-65.
    14. Hulisi Öğüt & Srinivasan Raghunathan & Nirup Menon, 2011. "Cyber Security Risk Management: Public Policy Implications of Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self‐Protection," Risk Analysis, John Wiley & Sons, vol. 31(3), pages 497-512, March.
    15. Sacha Kapoor, 2020. "Inefficient incentives and nonprice allocations: Experimental evidence from big‐box restaurants," Journal of Economics & Management Strategy, Wiley Blackwell, vol. 29(2), pages 401-419, April.
    16. Travis J. Lybbert & Troy C. Lybbert & Aaron Smith & Scott Warren, 2012. "Does the Red Flag Rule Induce Risk Taking in Sprint Finishes? Moral Hazard Crashes in Cycling’s Grand Tours," Journal of Sports Economics, , vol. 13(6), pages 603-618, December.
    17. Donald N. Dewees, 2016. "Are Automated Vehicles Coming at the Right Speed?," Working Papers tecipa-564, University of Toronto, Department of Economics.
    18. Carolyn A. Dehring & Martin Halek, 2013. "Coastal Building Codes and Hurricane Damage," Land Economics, University of Wisconsin Press, vol. 89(4), pages 597-613.
    19. Rajesh K. Aggarwal & Andrew A. Samwick, 1999. "Executive Compensation, Strategic Competition, and Relative Performance Evaluation: Theory and Evidence," Journal of Finance, American Finance Association, vol. 54(6), pages 1999-2043, December.
    20. Bogetoft, Peter & Nielsen, Kurt, 2003. "Yardstick Based Procurement Design In Natural Resource Management," 2003 Annual Meeting, August 16-22, 2003, Durban, South Africa 25910, International Association of Agricultural Economists.
    21. Takahashi, Makoto & Watanabe, Toshiaki & Omori, Yasuhiro, 2016. "Volatility and quantile forecasts by realized stochastic volatility models with generalized hyperbolic distribution," International Journal of Forecasting, Elsevier, vol. 32(2), pages 437-457.

    More about this item

    Keywords

    Cyber Insurance; Network Security; Moral Hazard; Information Asymmetry; Network Effects; Security Games; Mechanism Design;
    All these keywords.

    JEL classification:

    • G22 - Financial Economics - - Financial Institutions and Services - - - Insurance; Insurance Companies; Actuarial Studies
    • D80 - Microeconomics - - Information, Knowledge, and Uncertainty - - - General
    • D86 - Microeconomics - - Information, Knowledge, and Uncertainty - - - Economics of Contract Law

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:net:wpaper:1618. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Nicholas Economides (email available below). General contact details of provider: http://www.NETinst.org/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.