e-Risk Management with Insurance: A Framework Using Copula Aided Bayesian Belief Networks

Mukhopadhyay, Arunabha; Chatterjee, Samir; Saha, Debashis; Mahanti, Ambuj; Sadhukhan, Samir K.

doi:10.1109/hicss.2006.138

“…15 Discuss the development of the market for cyber insurance, finding that the evolution of internet security risk and increasing compliance requirements significantly drive demand. 16 Mukhopadhyay et al (2006) Introduce an approach to estimate cyber risk probabilities based on Bayesian belief networks as a basis to determine cyber insurance premiums. 17 Böhme (2005) Discusses the formation of a proper cyber insurance market and problems by correlated losses; also the conditions under which coverage of cyber risk is possible are evaluated.…”

Section: Hofmann and Ramajmentioning

confidence: 99%

Insurability of Cyber Risk: An Empirical Analysis

Biener

¹

,

Eling

²

,

Wirfs

³

2014

Geneva Pap Risk Insur Issues Pract

View full text Add to dashboard Cite

This paper discusses the adequacy of insurance for managing cyber risk. To this end, we extract 994 cases of cyber losses from an operational risk database and analyze their statistical properties. Based on the empirical results and recent literature, we investigate the insurability of cyber risk by systematically reviewing the set of criteria introduced by Berliner (1982). Our findings emphasize the distinct characteristics of cyber risks compared to other operational risks and bring to light significant problems resulting from highly interrelated losses, lack of data, and severe information asymmetries. These problems hinder the development of a sustainable cyber insurance market. We finish by discussing how cyber risk exposure may be better managed and make several suggestions for future research.

show abstract

“…Another type of signaling could be a certification of the data security following ISO standards; in general, there is a lack of exchange of best practices in cyber risk management that inhibits identification of dominant strategies for tackling cyber risk (see ENISA, 2012). 68 Mukhopadhyay et al (2005Mukhopadhyay et al ( , 2006 apply the collective risk model in conjunction with expected utility theory to make judgments about the theoretical value of cyber insurance to firms with different levels of risk aversion. They find that with increasing risk aversion, firms will accept fairly priced cyber insurance over no insurance.…”

Section: Market Criteria (6) Insurance Premiummentioning

confidence: 99%

Insurability of Cyber Risk: An Empirical Analysis

Biener

¹

,

Eling

²

,

Wirfs

³

2015

View full text Add to dashboard Cite

This paper discusses the adequacy of insurance for managing cyber risk. To this end, we extract 994 cases of cyber losses from an operational risk database and analyze their statistical properties. Based on the empirical results and recent literature, we investigate the insurability of cyber risk by systematically reviewing the set of criteria introduced by Berliner (1982). Our findings emphasize the distinct characteristics of cyber risks compared to other operational risks and bring to light significant problems resulting from highly interrelated losses, lack of data, and severe information asymmetries. These problems hinder the development of a sustainable cyber insurance market. We finish by discussing how cyber risk exposure may be better managed and make several suggestions for future research.

show abstract

“…Event Study(ES) methodology has been used determine the stock market impact of a cyber breach [29,30]. [20] VAR (2008) [19] Smith Lim Approach (1984) [17] LRAM (1987) [16,17] SPAN (1990) [16,17] Copula aided BBN (2006) [21] Cognitive Fuzzy Logic(2000) [22] Hidden Markov Model (2006) Fuzzy AHP (2009) ANN for phishing (2011) [27] Fuzzy sets & GA (2011) [26] Gametheoretic approach (2004) [18] Parker's Computer Security program (1981) [16,17] CRAMM (1991) [16,17] CORAS (2002) [16,17] OCTAVE (2003) [16,17] ISRAM (2005) [16,17] RISKPAC (1988) [16,17] Gompertz Diffusion Model (2003) [11] GLM(Logit) (2009) [16] …”

Section: Techniques For Is Risk Assessmentmentioning

confidence: 99%

i-HOPE Framework for Predicting Cyber Breaches: A Logit Approach

Das

¹

,

Mukhopadhyay

²

,

Shukla

³

2013

2013 46th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

In light of the recent surge in cyber security breaches globally, Information Security Management Systems (ISMS) for organizations is of utmost importance. In this paper, we used the CSI-FBI survey questionnaires from 1997 to 2010 and ISO/IEC27001 standard to propose an i-HOPE framework to predict the likelihood of a cyber breach. Generalized Linear Model i.e. Logit approach and CSI-FBI questionnaire data was used to compute and validate our proposed model. Using our i-HOPE framework we conclude that (i) specific security technologies (Firewalls, IDSs, Biometrics, firewalls), can deter only specific types of attacks (ii) reporting of cyber breaches to law enforcing bodies does not deter cyber attacks (iii) increase in percentage of (a) IT budget allocated to security and (b) outsourcing of IT security function decreases the likelihood of an attack.

show abstract

e-Risk Management with Insurance: A Framework Using Copula Aided Bayesian Belief Networks

Cited by 21 publications

References 6 publications

Insurability of Cyber Risk: An Empirical Analysis

Insurability of Cyber Risk: An Empirical Analysis

Insurability of Cyber Risk: An Empirical Analysis

i-HOPE Framework for Predicting Cyber Breaches: A Logit Approach

Contact Info

Product

Resources

About