Reducing Informational Disadvantages to Improve Cyber Risk Management

Posted: 28 Feb 2018

Sachin Shetty

Old Dominion University

Michael K. McShane

Old Dominion University

Linfeng Zhang

University of Illinois at Urbana-Champaign

Jay P. Kesan

University of Illinois College of Law

Charles Kamhoua

Independent

Kevin Kwiat

Independent

Laurent Njilla

Independent

Date Written: February 9, 2018

Abstract

Effective cyber risk management should include the use of insurance not only to transfer cyber risk but also to provide incentives for insured enterprises to invest in cyber self-protection. Research indicates that asymmetric information, correlated loss, and interdependent security issues make this difficult if insurers cannot monitor the cybersecurity efforts of the insured enterprises. To address this problem, this paper proposes the Cyber Risk Scoring and Mitigation (CRISM) tool, which estimates cyberattack probabilities by directly monitoring and scoring cyber risk based on assets at risk and continuously updated software vulnerabilities. CRISM also produces risk scores that allow organisations to optimally choose mitigation policies that can potentially reduce insurance premiums.

Keywords: Cyber Risk Management, Cyber Insurance, Vulnerability Assessment, Security Risk Scores, Bayesian Belief Networks, Attack Graphs

JEL Classification: G32

Suggested Citation

Shetty, Sachin and McShane, Michael K. and Zhang, Linfeng and Kesan, Jay P. and Kamhoua, Charles and Kwiat, Kevin and Njilla, Laurent, Reducing Informational Disadvantages to Improve Cyber Risk Management (February 9, 2018). Geneva Risk and Insurance Review, Forthcoming; University of Illinois College of Law Legal Studies Research Paper No. 18-24. Available at SSRN: https://ssrn.com/abstract=3121389

Sachin Shetty

Old Dominion University

1030 University Blvd
Suffolk, VA 23435
United States

Michael K. McShane (Contact Author)

Old Dominion University

Norfolk, VA 23529-0222
United States

Linfeng Zhang

University of Illinois at Urbana-Champaign

601 E John St
Champaign, IL 61820
United States

Jay P. Kesan

University of Illinois College of Law

504 E. Pennsylvania Avenue
Champaign, IL 61820
United States
217-333-7887 (Phone)
217-244-1478 (Fax)

HOME PAGE: http://www.jaykesan.com
