Anand Shah
Abstract
What should be the minimum value of data security or privacy to a customer? We reason that at a minimum this value should be equal to the premium charged by an insurer for cyber insurance that compensates the customer for the claims resulting from the data security and privacy breaches. We calculate the premium for cyber insurance and the percentage coverage availed by a customer using Monte Carlo simulations.
- Website: IT Governance UK, http://www.itgovernance.co.uk/dpa-penalties.aspx#.VJJ84tKUdpsGoogle Scholar
- Basel Committee on Banking Supervision, International Convergence of Capital Measurement and Capital Standards- A Revised Framework, June 2006Google Scholar
- Yannacopoulos, A. N., Lambrinoudakis, C., Gritzalis, S., Xanthopoulos, S. Z., and Katsikas, S. N., 2008, Modeling Privacy Insurance Contracts and Their Utilization in Risk Management for ICT Firms, ESORICS 2008, pp. 207--222, 2008. Google ScholarDigital Library
- Rainer Böhme, 2005, Cyber-Insurance Revisited, Workshop on the Economics of Information Security (WEIS) 2005.Google Scholar
- Gritzalis, S., Yannacopoulos, A. N., Lambrinoudakis, C., Hatzopoulos P., and Katsikas, S. N., 2007, A probabilistic model for optimal insurance contracts against security risks and privacy violation in IT outsourcing environments, International Journal of Information Security (2007) 6 pp. 197--211 Google ScholarDigital Library
- Stefan Berthold, Rainer Böhme, 2009, Valuing privacy with option pricing theory, Workshop on the Economics of Information Security (WEIS) 2009.Google Scholar
- Rainer Böhme, Galina Schwartz, 2010, Modeling Cyber-Insurance: Towards A Unifying Framework, Workshop on the Economics of Information Security (WEIS) 2010Google Scholar
- Alexander McNeil, Rüdiger Frey, Paul Embrechts, (2005) Quantitative Risk Management: Concepts Techniques and Tools. Princeton University Press, 2005Google Scholar
- Paul Embrechts, 1996 Actuarial versus financial pricing of insurance. Paper presented at the conference on Risk Management of Insurance Firms, The Wharton School of the University of Pennsylvania, 1996.Google Scholar
- Tomas Bjork, 2009, Arbitrage Theory in Continuous Time, Third Edition, Oxford University Press, 2009Google Scholar
- Delbaen, F., Haezendonck, J., 1989, A martingale approach to premium calculation principles in an arbitrage free market. Insurance: Mathematics and Economics 8 (1989) 269--277.Google ScholarCross Ref
Recommendations
A system to calculate Cyber Value-at-Risk
AbstractIn the face of increasing numbers of cyber-attacks, it is critical for organisations to understand the risk they are exposed to even after deploying security controls. This residual risk forms part of the ongoing operational ...
Privacy Rights and Data Security: GDPR and Personal Data Markets
General Data Protection Regulation (GDPR)—the European Union’s data protection regulation—has two key principles. It recognizes that individuals own and control their personal (but not contractual) data in perpetuity, leading to three critical privacy ...
Measuring the Over-dispersed Data in Operational Risk with the Negative Binomial Process
ICCSEE '12: Proceedings of the 2012 International Conference on Computer Science and Electronics Engineering - Volume 03In this paper, the negative binomial process is used to account for the over-dispersion in operational risk data. We estimate operational risk by means of the non-convex and convex risk measure, such as Value at Risk and Expected Shortfall, and provide ...
Comments