Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas.

Published byShannon Cornwall Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas."— Presentation transcript:

1 1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas

2 2 Introduction The scale and scope of hacker and virus attacks on computer systems is increasing Two ways to minimize losses from security breaches Make security investment Buy cyber insurance

3 3 Introduction IT Security decision of firms are interdependent because of networks if a hacker penetrate one company, she has easy access to shared trust partners IT assets through connection Cyber insurance market is immature because lack of actuarial data few insurance firms provide cyber insurance product

4 4 Research Question How the interdependence impacts decision of the firms to invest in IT security ? to buy cyber insurance coverage?

5 5 Assumptions & Firms Decision Key Assumptions Firms are risk averse and CARA is assumed. The firms investments in IT security affect the probability of breach of any firm in network Investments exhibit declining returns The Firms Decision Firm decides simultaneously on the level of insurance taken and IT security investment

6 6 Notation Decision Variable z 1 : IT security investment level for firm 1 I 1 :Insurance coverage taken by the firm 1 Model parameters U: utility function of firm p(z 1 ): Probability of breach from firm 1s own resources B 1 (z 1,z 2 ): total probability of breach for firm 1

7 7 Notation (Contd) π 1 : Premium paid for each dollar of coverage for firm 1 L 1 : Loss amount firm 1 incurs if breach occurs. W 1 : Initial wealth of firm 1

8 8 Breach Probability First consider two firms A firm can suffer two source of attack Direct attack occurs with probability p(z 1 ) when the source of breach is the firms itself Indirect attack occurs with probability qp(z 2 ) when a hacker gain access to firms IT asset after breaching other firm q indicates degree of interdependence Total breach probability of firm 1 is B 1 (z 1,z 2 )=1-[1-p(z 1 )][1-qp(z 2 )]

9 9 Illustration of Total Risk to Firm 1 B 1 (z 1,z 2 )=p(z 1 )+qp(z 2 )-qp(z 1 )p(z 2 ) p(z 1 ) q.p(z 2 )

10 10 Model Breach occurs with probability B 1 (z 1,z 2 ) Firm 1 incurs loss of L It will be paid by coverage amount I 1 if firm 1 paid premium amount π 1 I 1 if firm 1 invest z 1 amount to IT security, in this case, the utility of firm 1 will be U(W- L+(1-π 1 )I 1 -z 1 ) Breach does not occur with probability 1-B(z 1,z 2 ) The utility of firm 1 in this case will be U(W-π 1 I 1 -z 1 )

11 11 Solution to z and I The price of insurance is given by Firm 1 maximizes its expected utility A firms IT security spending is solution to The amount of insurance coverage taken by is

12 12 Solution Procedure Equation A can be solved to obtain the optimum investment level first Optimum insurance coverage can be obtained by plugging optimum investment level to the Equation B Firm can manage IT security risk through by first reducing the risk through investments. Manage the residual risk through insurance

13 13 Proposition 1 All else kept constant, the level of IT security investment and the amount of insurance coverage are lower as interdependency (q) increases

14 14 Joint Solution for Two Firms Assume that firms are identical with equal pareto weights across the two firms The solution to the IT security investment

15 15 Proposition All else kept constant, the joint choice of IT security investment is higher than the firms individual choice of IT security investment and joint choice of insurance coverage taken is higher than the firms individual choice of insurance coverage taken

16 16 Information Sharing as a Mechanism to Increase Investment and Insurance Information sharing reduces direct attack probability but not interdependency IT security investment increase because marginal benefit from IT security investment increases under information sharing. Information sharing reduces interdependency but not direct probability As interdependency (q) decreases, IT security investment and insurance increases.

17 17 Generalization to Several Interdependent firms The probability of breach for firm 1 in the n firm case is For identical firm case, the level of IT security investment is The amount of insurance is then given by the

18 18 Proposition 5 For identical firms, as the number of firms (n) increases, IT security investment level for individual firm will decline probability of breach will decreases cyber insurance level taken will decreases.

19 19 Conclusion As interdependency increases, IT security investment decreases Cyber insurance coverage taken decreases The increase in the number of firms has the same affect with interdependency. Joint solution implies higher IT security investment compared to individual solution

Download ppt "1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas."

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
Enterprise Risk Management & Capital Budgeting under Dependent Risks: An Integrated Framework Tianyang Wang, Colorado State University (with Jing Ai, The.

Enterprise Risk Management & Capital Budgeting under Dependent Risks: An Integrated Framework Tianyang Wang, Colorado State University (with Jing Ai, The.
Copyright © 2008 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Managerial Economics, 9e Managerial Economics Thomas Maurice.

Copyright © 2008 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Managerial Economics, 9e Managerial Economics Thomas Maurice.
MANAGERIAL ECONOMICS An Analysis of Business Issues

MANAGERIAL ECONOMICS An Analysis of Business Issues
Choices Involving Risk

Choices Involving Risk
Introduction to Management Science, Modeling, and Excel Spreadsheets

Introduction to Management Science, Modeling, and Excel Spreadsheets
INTRA-INDUSTRY TRADE AND THE SCALE EFFECTS OF ECONOMIC INTEGRATION Elisa Riihimäki Statistics Finland, Business Structures September 2005 12.9.2005.

INTRA-INDUSTRY TRADE AND THE SCALE EFFECTS OF ECONOMIC INTEGRATION Elisa Riihimäki Statistics Finland, Business Structures September
For APNOMS 2003 1 Managing Pervasive Computing and Ubiquitous Communications Challenges Ahead Graham Chen.

For APNOMS Managing Pervasive Computing and Ubiquitous Communications Challenges Ahead Graham Chen.
0 - 0.

0 - 0.
ALGEBRAIC EXPRESSIONS

ALGEBRAIC EXPRESSIONS
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULTIPLICATION EQUATIONS 1. SOLVE FOR X 3. WHAT EVER YOU DO TO ONE SIDE YOU HAVE TO DO TO THE OTHER 2. DIVIDE BY THE NUMBER IN FRONT OF THE VARIABLE.

MULTIPLICATION EQUATIONS 1. SOLVE FOR X 3. WHAT EVER YOU DO TO ONE SIDE YOU HAVE TO DO TO THE OTHER 2. DIVIDE BY THE NUMBER IN FRONT OF THE VARIABLE.
SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION

SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION
MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts 1 - 20.

Addition Facts
1 Effect of Managerial overconfidence, asymmetric Info, and moral hazard on Capital Structure Decisions. Rational Corporate Finance. -Capital Structure:

1 Effect of Managerial overconfidence, asymmetric Info, and moral hazard on Capital Structure Decisions. Rational Corporate Finance. -Capital Structure:
5/31/20141 HFT 4464 Chapter 9 Introduction to Capital Budgeting.

5/31/20141 HFT 4464 Chapter 9 Introduction to Capital Budgeting.
Chapter Outline 7.1 Risk Aversion and Demand for Insurance by Individuals The Effects of Insurance on Wealth Risk Aversion Other Factors Affecting an Individual’s.

Chapter Outline 7.1 Risk Aversion and Demand for Insurance by Individuals The Effects of Insurance on Wealth Risk Aversion Other Factors Affecting an Individual’s.
University of the Aegean, Greece Modelling and Economics of IT Risk Management and Insurance Stefanos Gritzalis Costas Lambrinoudakis Dept. of Information.

University of the Aegean, Greece Modelling and Economics of IT Risk Management and Insurance Stefanos Gritzalis Costas Lambrinoudakis Dept. of Information.
Effective Rate of Protection

Effective Rate of Protection

Similar presentations

Ads by Google