Reducing Informational Disadvantages to Improve Cyber Risk Management

Posted: 28 Feb 2018

Sachin Shetty

Old Dominion University

Michael K. McShane

Old Dominion University

Linfeng Zhang

University of Illinois Department of Mathematics

Jay P. Kesan

University of Illinois College of Law

Charles Kamhoua

Independent

Kevin Kwiat

Independent

Laurent Njilla

Independent

Date Written: February 9, 2018

Abstract

Effective cyber risk management should include the use of insurance not only to transfer cyber risk but also to provide incentives for insured enterprises to invest in cyber self-protection. Research indicates that asymmetric information, correlated loss, and interdependent security issues make this difficult if insurers cannot monitor the cybersecurity efforts of the insured enterprises. To address this problem, this paper proposes the Cyber Risk Scoring and Mitigation (CRISM) tool, which estimates cyberattack probabilities by directly monitoring and scoring cyber risk based on assets at risk and continuously updated software vulnerabilities. CRISM also produces risk scores that allow organisations to optimally choose mitigation policies that can potentially reduce insurance premiums.

Keywords: Cyber Risk Management, Cyber Insurance, Vulnerability Assessment, Security Risk Scores, Bayesian Belief Networks, Attack Graphs

JEL Classification: G32

Suggested Citation

Shetty, Sachin and McShane, Michael K. and Zhang, Linfeng and Kesan, Jay P. and Kamhoua, Charles and Kwiat, Kevin and Njilla, Laurent, Reducing Informational Disadvantages to Improve Cyber Risk Management (February 9, 2018). Geneva Risk and Insurance Review, Forthcoming, University of Illinois College of Law Legal Studies Research Paper No. 18-24, Available at SSRN: https://ssrn.com/abstract=3121389

Sachin Shetty

Old Dominion University

1030 University Blvd
Suffolk, VA 23435
United States

Michael K. McShane (Contact Author)

Old Dominion University

Norfolk, VA 23529-0222
United States

Linfeng Zhang

University of Illinois Department of Mathematics

Champaign, IL 61820
United States

Jay P. Kesan

University of Illinois College of Law

504 E. Pennsylvania Avenue
Champaign, IL 61820
United States
217-333-7887 (Phone)
217-244-1478 (Fax)

HOME PAGE: http://www.jaykesan.com

Charles Kamhoua

Independent

Kevin Kwiat

Independent

Laurent Njilla

Independent
