Exact Insurance Premiums for Cyber Risk of Small and Medium-Sized Enterprises

Chiaradonna, Stefano; Lanchier, Nicolas

doi:10.1051/mmnp/2022041

Cited by 7 publications

(1 citation statement)

References 22 publications

(56 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this setting, there have been works for cyber risk such as using epidemic models (e.g., Xu & Hua, 2019; Antonio & Indratno, 2021), Bayesian models (e.g., Amin, 2019; Zebrowski et al., 2022), and attack graphs (e.g., S. Wang et al., 2013; H. Wang et al., 2018). The works more relevant to our proposed framework are Jevtić and Lanchier (2020), who proposed a structural model of aggregate loss distribution for cyber risk using bond percolation, and Chiaradonna and Lanchier (2022), who considered a bidirectional version of their model. And despite the lack of actuarial literature on the cyber risk of a hospital, these models pave the way for taking a network approach for pricing cyber risk and thus quantifying potential financial losses for risk frameworks.…”

Section: Introductionmentioning

confidence: 99%

Framework for cyber risk loss distribution of hospital infrastructure: Bond percolation on mixed random graphs approach

2023

Self Cite

View full text Add to dashboard Cite

Networks like those of healthcare infrastructure have been a primary target of cyberattacks for over a decade. From just a single cyberattack, a healthcare facility would expect to see millions of dollars in losses from legal fines, business interruption, and loss of revenue. As more medical devices become interconnected, more cyber vulnerabilities emerge, resulting in more potential exploitation that may disrupt patient care and give rise to catastrophic financial losses. In this paper, we propose a structural model of an aggregate loss distribution across multiple cyberattacks on a prototypical hospital network. Modeled as a mixed random graph, the hospital network consists of various patient‐monitoring devices and medical imaging equipment as random nodes to account for the variable occupancy of patient rooms and availability of imaging equipment that are connected by bidirectional edges to fixed hospital and radiological information systems. Our framework accounts for the documented cyber vulnerabilities of a hospital's trusted internal network of its major medical assets. To our knowledge, there exist no other models of an aggregate loss distribution for cyber risk in this setting. We contextualize the problem in the probabilistic graph‐theoretical framework using a percolation model and combinatorial techniques to compute the mean and variance of the loss distribution for a mixed random network with associated random costs that can be useful for healthcare administrators and cybersecurity professionals to improve cybersecurity management strategies. By characterizing this distribution, we allow for the further utility of pricing cyber risk.

show abstract