An Integrated Study of Cybersecurity Investments and Cyber Insurance Purchases
30 Pages
Posted: 7 Dec 2023
Date Written: November 30, 2023
Abstract
The growing concern over cyber risk has become a pivotal issue in the business world. Firms can mitigate this risk through two primary strategies: investing in cybersecurity practices and purchasing cyber insurance. Cybersecurity investments reduce the probability of compromise, while cyber insurance transfers potential losses to insurers. This study employs a network model for the spread of infection among interconnected firms, in which each firm’s decisions affect the others. We investigate a noncooperative game in which each firm aims to optimize its own objective function via choices of cybersecurity level and insurance coverage ratio. We define and detail the pure-strategy Nash equilibrium in this context, and derive sufficient conditions to ensure its existence and uniqueness. We also find that cybersecurity investment and insurance purchase are strategic complements. These theoretical results provide the foundation for our numerical studies. We compute the equilibrium decisions on cybersecurity investments and insurance purchases across various network structures. The numerical results illustrate the impact of network structure on equilibrium decisions and how varying insurance premiums influence firms’ cybersecurity investments.
Keywords: Risk management; Nash equilibrium; Cyber risk; Cybersecurity; Cyber insurance; Network contagion
JEL Classification: D85, G22