
Aegis A Novel Cyber-Insurance Model

  • Conference paper
Decision and Game Theory for Security (GameSec 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7037)


Abstract

Recent works on Internet risk management have proposed the idea of cyber-insurance to eliminate risks due to security threats, which cannot be tackled through traditional means such as antivirus software. In reality, an Internet user faces risks due to security attacks as well as risks due to non-security related failures (e.g., reliability faults in the form of hardware crash, buffer overflow, etc.). These risk types are often indistinguishable by a naive user. However, a cyber-insurance agency would most likely insure risks only due to security attacks. In this case, it becomes a challenge for an Internet user to choose the right type of cyber-insurance contract, as traditional optimal contracts, i.e., contracts for security attacks only, might prove to be sub-optimal for him.

In this paper, we address the problem of analyzing cyber-insurance solutions when a user faces risks due to both security and non-security related failures. We propose Aegis, a simple and novel cyber-insurance model in which the user accepts a fraction (strictly positive) of loss recovery on himself and transfers the rest of the loss recovery to the cyber-insurance agency. We mathematically show that only under conditions when buying cyber-insurance is mandatory, given an option, risk-averse Internet users would prefer Aegis contracts to traditional cyber-insurance contracts, under all premium types. This result firmly establishes the non-existence of traditional cyber-insurance markets when Aegis contracts are offered to users. We also derive an interesting counterintuitive result related to the Aegis framework: we show that an increase (decrease) in the premium of an Aegis contract may not always lead to a decrease (increase) in its user demand. In the process, we also state the conditions under which the latter trend and its converse emerge. Our work proposes a new model of cyber-insurance for Internet security that extends all previous related models by accounting for the extra dimension of non-insurable risks. Aegis also incentivizes Internet users to take up more personal responsibility for protecting their systems.



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pal, R., Golubchik, L., Psounis, K. (2011). Aegis A Novel Cyber-Insurance Model. In: Baras, J.S., Katz, J., Altman, E. (eds) Decision and Game Theory for Security. GameSec 2011. Lecture Notes in Computer Science, vol 7037. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25280-8_12


  • DOI: https://doi.org/10.1007/978-3-642-25280-8_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25279-2

  • Online ISBN: 978-3-642-25280-8

  • eBook Packages: Computer Science, Computer Science (R0)
