Modeling Cyber-Insurance

Cyber-risk can be further specified by interdependent security, correlated risk, and information asymmetries. Using these parameters, the gap between arguments in favor of cyber-insurance to align incentives for network security and actual viability of a cyber-insurance market is explored; furthermore, the framework is used to uncover which parameters should be considered in future models. Modeling decisions can be broken down into five key components: network environment, demand side, supply side, information structure, and organizational environment. This framework develops a path to overcoming the two obstacles of interdependent security and correlated risk.