ABSTRACT

Tackling the cybersecurity challenge is a matter of survival for society at large. Cyber attacks are rapidly increasing in sophistication and magnitude—and in their destructive potential. New threats emerge regularly, the last few years having seen a ransomware boom and distributed denial-of-service attacks leveraging the Internet of Things.

For organisations, the use of cybersecurity risk management is essential in order to manage these threats. Yet current frameworks have drawbacks which can lead to the suboptimal allocation of cybersecurity resources. Cyber insurance has been touted as part of the solution – based on the idea that insurers can incentivize companies to improve their cybersecurity by offering premium discounts – but cyber insurance levels remain limited. This is because companies have difficulty determining which cyber insurance products to purchase, and insurance companies struggle to accurately assess cyber risk and thus develop cyber insurance products.

To deal with these challenges, this volume presents new models for cybersecurity risk management, partly based on the use of cyber insurance. It contains:

  • A set of mathematical models for cybersecurity risk management, including (i) a model to assist companies in determining their optimal budget allocation between security products and cyber insurance and (ii) a model to assist insurers in designing cyber insurance products.
  • The models use adversarial risk analysis to account for the behavior of threat actors (as well as the behavior of companies and insurers).
  • To inform these models, we draw on psychological and behavioural economics studies of decision-making by individuals regarding cybersecurity and cyber insurance.
  • We also draw on organizational decision-making studies involving cybersecurity and cyber insurance.

Its theoretical and methodological findings will appeal to researchers across a wide range of cybersecurity-related disciplines including risk and decision analysis, analytics, technology management, actuarial sciences, behavioural sciences, and economics. The practical findings will help cybersecurity professionals and insurers enhance cybersecurity and cyber insurance, thus benefiting society as a whole.

This book grew out of a two-year European Union-funded project under Horizons 2020, called CYBECO (Supporting Cyber Insurance from a Behavioral Choice Perspective).

chapter 1|10 pages

Introduction

ByDavid Ríos Insua, Nikos Vasileiadis, Aitor Couce Vieira, Caroline Baylon

chapter 2|16 pages

The Cyber Insurance Landscape

ByKatsiaryna Labunets, Wolter Pieters, Michel van Eeten, Dawn Branley-Bell, Lynne Coventry, Pam Briggs, Inés Martínez, Jhoties Sewnandan

chapter 3|22 pages

Behavioural Issues in Cybersecurity

ByJose Vila, Pam Briggs, Dawn Branley-Bell, Yolanda Gomez, Lynne Coventry

chapter 4|34 pages

Risk Management Models for Cyber Insurance

ByAitor Couce Vieira, David Ríos Insua, Caroline Baylon, Sebastain Awondo

chapter 5|42 pages

A Case Study in Cybersecurity Resource Allocation and Cyber Insurance

ByAitor Couce Vieira, David Ríos Insua, Alberto Redondo, Caroline Baylon

chapter 6|12 pages

Conclusions

ByCaroline Baylon, Deepak Subramanian, Jose Vila, David Ríos Insua