Integrated Framework for Information Security Investment and Cyber Insurance

23 Pages. Posted: 16 Feb 2017. Last revised: 16 Sep 2017.

Shaun Wang

Nanyang Technological University

Date Written: September 15, 2017


This paper presents an analytical model for optimal information security investment in threat controls and vulnerability reductions. The model quantifies the combined effect of security investments in addressing cyber threats and vulnerability, and derives the annual loss expectancy of the residual cyber risk – which represents the insurance premium for a full risk transfer. Based on the insights from the model, an improved cyber insurance design is proposed with more focus on risk advisory services and partnership. A case is made for insurance companies and IT security firms to jointly offer integrated risk mitigation and insurance protection services. This paper calls for collective spending by the private sector in pursuing cyber offenders and seeking loss recoveries, in collaboration with governments and law enforcement agencies.

Keywords: Economics of Information Security; Cyber Risk; Cyber Insurance

Suggested Citation

Wang, Shaun, Integrated Framework for Information Security Investment and Cyber Insurance (September 15, 2017). Available at SSRN: or

Shaun Wang (Contact Author)

Nanyang Technological University

Nanyang Avenue
Singapore, Singapore 639798
