Abstract
Investments in security and cyber-insurance are two cyber-risk management strategies that can be employed together to optimize the overall security expense. In this paper, we provide a closed form for the optimal investment under a full set of insurance liability scenarios (full liability, limited liability, and limited liability with deductibles) when we consider a multi-branch firm with correlated vulnerability. The insurance component results to be the major expense. It ends up being the only recommended approach (i.e., setting zero investments in security) when the intrinsic vulnerability is either very low or very high. We also study the robustness of the investment choices when our knowledge of vulnerability and correlation is uncertain, concluding that the uncertainty induced on investment by either uncertain correlation or uncertain vulnerability is not significant.
Subject
Strategy and Management,Economics, Econometrics and Finance (miscellaneous),Accounting
Reference44 articles.
1. Economics;Arnold,2008
2. Why IT managers don't go for cyber-insurance products
3. Cyber insurance as an incentive for internet security;Bolot,2009
4. Hack Insurer Adds Microsoft Surchargehttps://www.zdnet.com/article/hack-insurer-adds-microsoft-surcharge/
5. What are the actual costs of cyber risk events?
Cited by
10 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献