Abstract
Cyber-insurance has been studied as both a method for risk-transfer, as well as a potential incentive mechanism for improving the state of cyber-security. However, in the absence of regulated insurance markets or compulsory insurance, the introduction of insurance deteriorates network security. This is because by transferring part of their risk to the insurer, the insured agents can decrease their levels of effort. In this paper, we consider the design of insurance contracts by an (unregulated) profit-maximizing insurer, and allow for voluntary participation. We propose the use of pre-screening to offer premium discounts to higher effort agents. We show that such premium discrimination not only helps the insurer attain higher profits, but also leads the agents to improve their efforts. We show that with interdependent agents, the incentivized improvement in efforts can compensate for the effort reduction resulting from risk transfer, thus improving the state of network security over the no-insurance scenario. In other words, the availability of pre-screening signals benefits both the insurer, as well as the state of network security, without the need to regulate the market or compulsory participation.
This work is partially supported by the NSF under grant CNS-1616575.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Throughout the paper, we use she/her and he/his to refer to the insurer and agent(s), respectively.
References
Bohme, R.: Cyber-insurance Revisited. Workshop on Economics Information Security (WEIS) (2005)
Bohme, R., Schwartz, G.: Modeling Cyber-Insurance: Towards a Unifying Framework. Workshop on Economics Information Security (WEIS) (2010)
Kesan, J., Majuca, R., Yurcik, W.: The economic case for cyberinsurance. In: Securing Privacy in the Internet Age. Stanford University Press (2005)
Kesan, J., Majuca, R., Yurcik, W.: Cyberinsurance as a Market-Based Solution to the Problem of Cybersecurity: a Case Study. Workshop on Economics Information Security (WEIS) (2005)
Hofmann, A.: Internalizing externalities of loss prevention through insurance monopoly. In: Proceeding Annual Meeting of American Risk and Insurance Association (2006)
Bolot, J., Lelarge, M.: Cyber-Insurance as an Incentive for Internet Security. Workshop on Economics Information Security (WEIS) (2008)
Pal, R., Golubchik, L., Psounis, K., Hui, P.: Will cyber-insurance improve network security? A market analysis. In: IEEE INFOCOM (2014)
Shetty, N., Schwartz, G., Felegyhazi, M., Walrand, J.: Competitive cyber-insurance and internet security. In: Economics of Information Security and Privacy (2010)
Shetty, N., Schwartz, G., Felegyhazi, M., Walrand, J.: Can competitive insurers improve network security?. In: International Conference on Trust and Trustworthy Computing (2010)
Osborne, M.J., Rubinstein, A.: A Course in Game Theory. MIT Press, Cambridge (1994)
www.dropbox.com/sh/euux09td56kqdnh/AAB6PGXFqa3BSbYyN4l1s5FZa?dl=0
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Khalili, M.M., Naghizadeh, P., Liu, M. (2017). Designing Cyber Insurance Policies: Mitigating Moral Hazard Through Security Pre-Screening. In: Duan, L., Sanjab, A., Li, H., Chen, X., Materassi, D., Elazouzi, R. (eds) Game Theory for Networks. GameNets 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 212. Springer, Cham. https://doi.org/10.1007/978-3-319-67540-4_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-67540-4_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67539-8
Online ISBN: 978-3-319-67540-4
eBook Packages: Computer ScienceComputer Science (R0)