Can Competitive Insurers Improve Network Security?

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6101)

Abstract

The interdependent nature of security on the Internet causes a negative externality that results in under-investment in technology-based defences. Previous research suggests that, in such an environment, cyber-insurance may serve as an important tool not only to manage risks but also to improve the incentives for investment in security. This paper investigates how competitive cyber-insurers affect network security and user welfare. We utilize a general setting, where the network is populated by identical users with arbitrary risk-aversion and network security is costly for the users. In our model, a user’s probability of incurring damage (from being attacked) depends on both his security and the network security.

First, we consider cyber-insurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. If an equilibrium exists, network security is always worse relative to the no-insurance equilibrium. Though user utility may rise due to coverage of risks, total costs to society go up due to higher network insecurity.

Second, we consider insurers with full information about their users’ security. Here, user security is perfectly enforceable (zero cost). Each insurance contract stipulates the required user security and covers the entire user damage. Still, for a significant range of parameters, network security worsens relative to the no-insurance equilibrium. Thus, although cyber-insurance improves user welfare, in general, competitive cyber-insurers may fail to improve network security.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shetty, N., Schwartz, G., Walrand, J. (2010). Can Competitive Insurers Improve Network Security?. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_23

  • DOI: https://doi.org/10.1007/978-3-642-13869-0_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13868-3

  • Online ISBN: 978-3-642-13869-0

  • eBook Packages: Computer Science, Computer Science (R0)
