ABSTRACT
This chapter develops a series of models to assist organisations and insurance companies with their decisions involving risk management in cybersecurity, making use of adversarial risk analysis and Multi-Agent Influence Diagrams to do so. It presents a key model to support organisations in their Cybersecurity Risk Management decisions, referred to as “the Cybersecurity Risk Management model”. The chapter also presents a model for determining the level of cyber reinsurance needed as well. This also makes it possible to better understand accumulation risk, or the risk that a single claim spreads to multiple lines of business, which is a major challenge for insurers. A variety of methods have been developed that can be used to support decision-making regarding cybersecurity resource allocation, including the purchase of cyber insurance. The chapter describes how cyber insurance products are designed at present. Information about the specific algorithms used by insurers in pricing cyber risk is confidential, but the chapter can describe the process in general terms.
