Title: Integrated cyber security risk management-insurance and investment cost analysis

Authors: Thomas (Yew Sing) Lee

Addresses: Department of Information and Decision Sciences (M/C 294), College of Business Administration, University of Illinois, 601 South Morgan Street, Chicago, IL, 60607-7124, USA

Abstract: An insurer offers cyber insurance coverage to several firms with risk-averse decision makers. The cyber insurance premium offered depends on the cyber security implemented at the firm. Each firm faces attacks by multiple types of hackers and decides on the level of investment in cyber security countermeasures. We address the software monoculture issue by considering that there is common, popular software used by all firms, which is a source of correlated risk. We analyse two types of cyber security interdependence breaching processes due to the software monoculture risk. We derive the probability distribution for the number of breaches and develop the cyber insurance pricing model. We also introduce the concept of cyber security defence level. Furthermore, we propose determining the optimal cyber insurance price given a targeted defence level. Finally, we demonstrate the use of our model through several numerical examples.

Keywords: cyber insurance; hacker; breaching probability; cyber security; correlated risks; software monoculture risk; defence level; integrated risk management.

DOI: 10.1504/IJDATS.2024.140651

International Journal of Data Analysis Techniques and Strategies, 2024 Vol.16 No.3, pp.223 - 261

Received: 09 Dec 2023
Accepted: 08 Apr 2024

Published online: 29 Aug 2024
