Cyber Insurance as an Incentivefor Internet Security
msra(2008)
摘要
Managing security risks in the Internet has, so far, mostly involved methods to reduce the risks and the severity of the damages.
Those methods (such as firewalls, intrusion detection and prevention, etc) reduce but do not eliminate risk, and the question
remains on how to handle the residual risk. In this chapter, we consider the problem of whether buying insurance to protect
the Internet and its users from security risks makes sense, and if so, identifying specific benefits of insurance and designing
appropriate insurance policies.
Using insurance in the Internet raises several questions because entities in the Internet face correlated risks, which means
that insurance claims will likely be correlated, making those entities less attractive to insurance companies. Furthermore,
risks are interdependent, meaning that the decision by an entity to invest in security and self-protect affects the risk faced
by others. We analyze the impact of these externalities on the security investments of the users using simple models that
combine recent ideas from risk theory and network modeling.
Our key result is that using insurance would increase the security in the Internet. Specifically, we show that the adoption
of security investments follows a threshold or tipping point dynamics, and that insurance is a powerful incentive mechanism
which pushes entities over the threshold into a desirable state where they invest in self-protection.
Given its many benefits, we argue that insurance should become an important component of risk management in the Internet,
and discuss its impact on Internet mechanisms and architecture.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要