Monte Carlo methods to investigate how aggregated cyber insurance claims data impacts security investments

Daniel W. Woods; Andrew Simpson

Monte Carlo methods to investigate how aggregated cyber insurance claims data impacts security investments

Research output: Contribution to conference › Paper › peer-review

Abstract

There is evidence that the availability of cyber insurance is contingent on an applicant’s security posture and that premium discounts may apply if the applicant adopts security controls dictated by the insurer. As the cyber insurance market grows in size, questions arise regarding how this situation will affect investment in information security. We investigate how aggregated claims data impacts investments in information security. Monte Carlo methods are used to explore three possible insurer strategies in guiding the policyholder’s investments. The results suggest that aggregated claims data can increase the net revenue of all firms, particularly in cases of low security investment or high uncertainty, but these benefits are contingent on the insureds employing diverse defensive configurations.

Original language	English
Number of pages	24
Publication status	Published - 17 Jun 2018
Event	The 17th Annual Workshop on the Economics of Information Security (WEIS 2018) - Innsbruck, Austria Duration: 18 Jun 2018 → 19 Jun 2018 Conference number: 17 https://weis2018.econinfosec.org/

Workshop

Workshop	The 17th Annual Workshop on the Economics of Information Security (WEIS 2018)
Abbreviated title	WEIS 2018
Country/Territory	Austria
City	Innsbruck
Period	18/06/18 → 19/06/18
Internet address	https://weis2018.econinfosec.org/

Access to Document

https://weis2018.econinfosec.org/wp-content/uploads/sites/5/2018/05/WEIS_2018_paper_16.pdfLicence: All Rights Reserved

Cite this

@conference{f26e256aa1ed47c89ee0d0461faed6ca,

title = "Monte Carlo methods to investigate how aggregated cyber insurance claims data impacts security investments",

abstract = "There is evidence that the availability of cyber insurance is contingent on an applicant{\textquoteright}s security posture and that premium discounts may apply if the applicant adopts security controls dictated by the insurer. As the cyber insurance market grows in size, questions arise regarding how this situation will affect investment in information security. We investigate how aggregated claims data impacts investments in information security. Monte Carlo methods are used to explore three possible insurer strategies in guiding the policyholder{\textquoteright}s investments. The results suggest that aggregated claims data can increase the net revenue of all firms, particularly in cases of low security investment or high uncertainty, but these benefits are contingent on the insureds employing diverse defensive configurations.",

author = "Woods, {Daniel W.} and Andrew Simpson",

year = "2018",

month = jun,

day = "17",

language = "English",

note = "The 17th Annual Workshop on the Economics of Information Security (WEIS 2018), WEIS 2018 ; Conference date: 18-06-2018 Through 19-06-2018",

url = "https://weis2018.econinfosec.org/",

}

Woods, DW & Simpson, A 2018, 'Monte Carlo methods to investigate how aggregated cyber insurance claims data impacts security investments', Paper presented at The 17th Annual Workshop on the Economics of Information Security (WEIS 2018), Innsbruck, Austria, 18/06/18 - 19/06/18. <https://weis2018.econinfosec.org/wp-content/uploads/sites/5/2018/05/WEIS_2018_paper_16.pdf>

TY - CONF

T1 - Monte Carlo methods to investigate how aggregated cyber insurance claims data impacts security investments

AU - Woods, Daniel W.

AU - Simpson, Andrew

N1 - Conference code: 17

PY - 2018/6/17

Y1 - 2018/6/17

N2 - There is evidence that the availability of cyber insurance is contingent on an applicant’s security posture and that premium discounts may apply if the applicant adopts security controls dictated by the insurer. As the cyber insurance market grows in size, questions arise regarding how this situation will affect investment in information security. We investigate how aggregated claims data impacts investments in information security. Monte Carlo methods are used to explore three possible insurer strategies in guiding the policyholder’s investments. The results suggest that aggregated claims data can increase the net revenue of all firms, particularly in cases of low security investment or high uncertainty, but these benefits are contingent on the insureds employing diverse defensive configurations.

AB - There is evidence that the availability of cyber insurance is contingent on an applicant’s security posture and that premium discounts may apply if the applicant adopts security controls dictated by the insurer. As the cyber insurance market grows in size, questions arise regarding how this situation will affect investment in information security. We investigate how aggregated claims data impacts investments in information security. Monte Carlo methods are used to explore three possible insurer strategies in guiding the policyholder’s investments. The results suggest that aggregated claims data can increase the net revenue of all firms, particularly in cases of low security investment or high uncertainty, but these benefits are contingent on the insureds employing diverse defensive configurations.

UR - https://weis2018.econinfosec.org/program/

M3 - Paper

T2 - The 17th Annual Workshop on the Economics of Information Security (WEIS 2018)

Y2 - 18 June 2018 through 19 June 2018

ER -

Monte Carlo methods to investigate how aggregated cyber insurance claims data impacts security investments

Abstract

Workshop

Access to Document

Other files and links

Fingerprint

Cite this