research-article

Improving Cyber-Security via Profitable Insurance Markets

Published: 28 August 2018

Abstract

Recent work in security has illustrated that solutions aimed at detection and elimination of security threats alone are unlikely to result in a robust cyberspace. As an orthogonal approach to mitigating security problems, some researchers have pursued the use of cyber-insurance as a suitable risk management technique. In this regard, recent work by the authors in [1] has proposed efficient monopoly cyber-insurance markets that maximize the social welfare of users in a communication network by premium discriminating among them. However, that work has a major drawback: the insurer is not able to make strictly positive profit in expectation, which in turn might lead to unsuccessful insurance markets. In this paper, we provide a method (based on the model in [1]) to overcome this drawback for the risk-averse premium discriminating monopoly cyber-insurer, and prove it in theory. More specifically, we propose a non-regulatory mechanism to allow monopoly cyber-insurers to make strictly positive profit in expectation. To investigate the general effectiveness of our mechanism beyond a monopoly setting with full coverage, we conduct numerical experiments (comparing social welfare at market equilibrium) on (a) practical Internet-scale network topologies that are formed by users who are free to decide for themselves whether they want to purchase insurance or not, (b) settings of perfect and imperfect market competition, and (c) scenarios with partial insurance coverage.

References

  1. R. Pal, L. Golubchik, K. Psounis, and P. Hui, "Will cyber-insurance improve network security: A market analysis," to appear in IEEE INFOCOM, 2014.
  2. R. Anderson and T. Moore, "Information security economics and beyond," in Information Security Summit, 2008.
  3. M. Lelarge and J. Bolot, "Economic incentives to increase security in the internet: The case for insurance," in IEEE INFOCOM, 2009.
  4. P. Naghizadeh and M. Liu, "Voluntary participation in cyber-insurance markets," in WEIS, 2014.
  5. S. Romanovsky, Comments to the Department of Commerce on Incentives to Adopt Improved Cyber-Security Practices. April 2013.
  6. Betterly, The Betterly Report: Cyber/Privacy Insurance Market Survey. June 2012.
  7. Arimic, Arimic Review of Recent Developments in the Cyber-Insurance Market. 2013.
  8. M. Thompson, "Why cyber-insurance is the next big thing," in CNBC Report, 2014.
  9. R. Bohme and G. Schwartz, "Modeling cyber-insurance: Towards a unifying framework," in WEIS, 2010.
  10. A. Mas-Collel, M. D. Winston, and J. R. Green, Microeconomic Theory. Oxford University Press, 1995.
  11. H. Kunreuther and G. Heal, "Interdependent security," Journal of Risk and Uncertainty, vol. 26, 2002.
  12. M. Lelarge and J. Bolot, "A local mean field analysis of security investments in networks," in ACM NetEcon, 2008.
  13. M. Lelarge and J. Bolot, "Network externalities and the deployment of security features and protocols in the internet," in ACM SIGMETRICS, 2008.
  14. Z. Yang and J. Lui, "Security adoption in heterogenous networks: The influence of cyber-insurance market," in IFIP Networking, 2012.
  15. Z. Yang and J. C. S. Lui, "Security adoption and influence of cyber-insurance markets in heterogenous networks," Performance Evaluation, vol. 74, 2014.
  16. G. Dionne and S. E. Harrington, Foundations of Insurance Economics: Readings in Economics and Finance. Springer, 1992.
  17. R. Pal, L. Golubchik, and K. Psounis, "Aegis: A novel cyber-insurance model," in IEEE/ACM GameSec, 2011.
  18. A. Khouzani, S. Sen, and N. Shroff, "An economic analysis of regulating security investments in the internet," in IEEE INFOCOM, 2013.
  19. R. Pal, L. Golubchik, K. Psounis, and P. Hui, "Security pricing as an enabler of cyber-insurance: A first look at differentiated pricing markets," IEEE Transactions on Dependable and Secure Computing, 2017.
  20. R. Pal and P. Hui, "Cyber-insurance for cyber-security: A topological take on modulating insurance premiums," Performance Evaluation Review, vol. 40, no. 3, 2012.
  21. A. Odlyzko, "Economics, psychology, and sociology of security," in Financial Cryptography, 2003.
  22. B. Johnson, A. Lazska, and J. Grossklags, "The complexity of estimating systematic risk in networks," in IEEE CSF, 2014.
  23. A. Lazska, B. Johnson, J. Grossklags, and M. Felegyhazi, "Estimating systematic risk in real-world networks," in FC, 2014.
  24. A. Mukhopadhyay, S. Chatterjee, D. Saha, A. Mahanti, and S. K. Sadhukan, "Cyber-risk decision models: To insure it or not?," Decision Support Systems, vol. 56, 2013.
  25. S. B. Herath and C. T. Herath, "Copula based actuarial model for pricing cyber-insurance policies," Insurance Markets and Companies: Analyses and Actuarial Computations, vol. 2, 2011.
  26. M. Baddeley, "Information security: Lessons from behavioral economics," in SHB, 2011.
  27. C. Toregas and N. Zahn, Insurance for Cyber-Attacks: The Issue of Setting Premiums in Context. George Washington University, 2014.
  28. M. Faloutsos, P. Faloutsos, and C. Faloutsos, "On power-law relationships of the internet topology," in ACM SIGCOMM Computer Communication Review, vol. 29, pp. 251–262, ACM, 1999.
  29. T. Bu and D. Towsley, "On distinguishing between internet power law topology generators," in INFOCOM 2002. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE, vol. 2, pp. 638–647, IEEE, 2002.
  30. A. Hoffman, "Internalizing externalities of loss prevention through insurance monopoly," Geneva Risk and Insurance Review, vol. 32, 2007.
  31. N. Shetty, G. Schwarz, M. Feleghyazi, and J. Walrand, "Competitive cyber-insurance and internet security," in WEIS, 2009.
  32. R. Pal and L. Golubchik, "On economic perspectives of internet security," in ACM SIGMETRICS Workshop on Mathematical Performance Modeling and Analysis (MAMA), 2010.
  33. R. Pal and P. Hui, "Modeling internet security investments: The case of tackling topological information uncertainty," in IEEE/ACM GameSec, 2011.

    • Published in

      ACM SIGMETRICS Performance Evaluation Review  Volume 45, Issue 4
      March 2018
      14 pages
      ISSN:0163-5999
      DOI:10.1145/3273996
      Copyright © 2018 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States
