1 / 19

Models and Measures for Correlation in Cyber-Insurance

Delve into cyber-insurance correlation models, risk sharing, premium differentiation, and more to understand the evolving markets and challenges in the cyber-insurance industry.

dmary
Download Presentation

Models and Measures for Correlation in Cyber-Insurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Models and Measures for Correlation in Cyber-Insurance Gaurav Kataria Carnegie Mellon University gauravk@andrew.cmu.edu Rainer Böhme Technische Universität Dresden rainer.boehme@tu-dresden.de DIMACS Workshop on Information Security Economics, Jan 19 2007.

  2. Cyber-Insurance in a Nutshell • Risk sharing • avoid extreme losses at manageable expenses • Security metric • premiums differentiate good and bad risks • Incentive function • to develop and deploy sound security technology • Market for cyber-insurance immature • losses from cyber incidents in the range of $ 200 bn • global cyber-insurance market < $ 2 bn -Majuca et al., 2006 • (Danger of) High correlation of cyber-risks • due to homogeneous technology -Geer et al., 2003

  3. Decision to Offer Insurance • Cost of offering insurance: C = E(L) + A + i · c Where, • E(L) is the expected loss amount, L being a random variable • A is the sum of all administrative costs, assumed negligible • c is the safety capital required to settle all claims if the realization of L turns out to the є-worst case (є is the probability of ruin for the insurer) • i is the interest rate to be paid for the safety capital c. The rate should reflect the risk associated with the business in general and the choice of є in particular Shape of the loss distribution function is crucial

  4. Decision to Seek Insurance Disutility 0 n Number of nodes simultaneously compromised

  5. Decision to Seek Insurance Given the degree of risk aversion σ and a measure of initial wealth I0, we can compute the maximum premium γ

  6. Classes of Cyber-Risks Insider attack Hardware failure Configuration vulnerability (user settings) Targeted hacker attack Degree of event correlation Standard software exploit requiring user interaction Remote standard software exploit Configuration vulnerability (default settings) Viruses and worms Systemic errors (Y2K, break of assumed secure cryptography)

  7. Cyber-Insurance Scenario Global Risk Correlation Insurer’s view k : firms in portfolio n : risks per firm Decisions are made at firm-level

  8. Cyber-Insurance Scenario Internal Risk Correlation Insuree’s view n : risks within firm Decisions are made at firm-level

  9. Two-Step Risk Arrival

  10. Modeling Two-Step Risk Arrival • Monte-Carlo Simulation • Computed minimum profitable premium for given correlation structure

  11. Equilibrium Conditions Results of 20,000 simulation trials per parameter setting

  12. How strong is cyber-risk correlation in reality? • Standard Response • lack of actuarial data on loss amounts • Our Approach • if correlation of losses is caused by attack correlation, then we can try to estimate correlation from sensor data measuring attack activity

  13. Data Source • Honeypots • decoy for hackers and automated attacks • useful monitoring tool for malicious activity -http://www.honeynet.org • Leurre.com honeynet project (Eurecom, France) • 35 sensors emulating 3 TCP/IP stacks each • deployed in 25 countries over five continents -Pouget et al., 2004, Pouget/Dancier/Pham, 2005 • Observations • Location • Port Sequence • Time (days) • Hits

  14. Global Attack Activity

  15. Correlation Measure • Do attacks coincide at different sensor locations? • Fit stochastic models for global attack pattern

  16. Alternative Models of Risk Arrival

  17. Estimation Results

  18. Conclusion • Take home message • though our current risk models are suboptimal and not fully empirically validated, it might be a good idea to design future cyber-insurance models with two-step risk arrival

  19. Q & A We gratefully acknowledge support from the owners of Leurre.com at Eurecom, France, for sharing their fabulous honeynet database with us. The second author was supported by grant no. CNS-0433540 from the National Science Foundation.

More Related