23 Pages. Posted: 16 Feb 2017. Last revised: 16 Sep 2017
Date Written: September 15, 2017
This paper presents an analytical model for optimal information security investment in threat controls and vulnerability reductions. The model quantifies the combined effect of security investments that address cyber threats and vulnerabilities, and derives the annual loss expectancy of the residual cyber risk, which represents the insurance premium for a full risk transfer. Based on the insights from the model, an improved cyber insurance design is proposed with more focus on risk advisory services and partnership. A case is made for insurance companies and IT security firms to jointly offer integrated risk mitigation and insurance protection services. This paper calls for collective spending by the private sector on pursuing cyber offenders and seeking loss recoveries, in collaboration with governments and law enforcement agencies.
Keywords: Economics of Information Security; Cyber Risk; Cyber Insurance
Suggested Citation:
Wang, Shaun, Integrated Framework for Information Security Investment and Cyber Insurance (September 15, 2017). Available at SSRN: https://ssrn.com/abstract=2918674 or http://dx.doi.org/10.2139/ssrn.2918674