This paper investigates how competitive cyber-insurers affect network se-curity and welfare of the networked society. In our model, a user’s probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyber- insurers who cannot observe (and thus, affect) individual user security. This asym- metric information causes moral hazard. Then, formost parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insur- ance contract covers only aminor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users’ security. Here, user security is perfectly enforce able (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most param- eters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security
CITATION STYLE
Shetty, N., Schwartz, G., Felegyhazi, M., & Walrand, J. (2010). Competitive Cyber-Insurance and Internet Security. In Economics of Information Security and Privacy (pp. 229–247). Springer US. https://doi.org/10.1007/978-1-4419-6967-5_12
Mendeley helps you to discover research relevant for your work.