Reducing Informational Disadvantages to Improve Cyber Risk Management

Bibliographic Details
Published in: Geneva papers on risk and insurance. Issues and practice 2018-04, Vol.43 (2), p.224-238
Main Authors: Shetty, Sachin, McShane, Michael, Zhang, Linfeng, Kesan, Jay P., Kamhoua, Charles A., Kwiat, Kevin, Njilla, Laurent L.
Format: Article
Language: English
Description
Summary: Effective cyber risk management should include the use of insurance not only to transfer cyber risk but also to provide incentives for insured enterprises to invest in cyber self-protection. Research indicates that asymmetric information, correlated loss, and interdependent security issues make this difficult if insurers cannot monitor the cybersecurity efforts of the insured enterprises. To address this problem, this paper proposes the Cyber Risk Scoring and Mitigation (CRISM) tool, which estimates cyberattack probabilities by directly monitoring and scoring cyber risk based on assets at risk and continuously updated software vulnerabilities. CRISM also produces risk scores that allow organisations to optimally choose mitigation policies that can potentially reduce insurance premiums.
ISSN: 1018-5895, 1468-0440
DOI: 10.1057/s41288-018-0078-3