Can Competitive Insurers Improve Network Security?
- Nikhil Shetty, Electrical Engineering and Computer Sciences, University of California, Berkeley
- Galina Schwartz, Electrical Engineering and Computer Sciences, University of California, Berkeley
- Jean Walrand, Electrical Engineering and Computer Sciences, University of California, Berkeley
The interdependent nature of security on the Internet causes a negative externality that results in under-investment in technology-based defences. Previous research suggests that, in such an environment, cyber-insurance may serve as an important tool not only to manage risks but also to improve the incentives for investment in security. This paper investigates how competitive cyber-insurers affect network security and user welfare. We utilize a general setting, where the network is populated by identical users with arbitrary risk-aversion and network security is costly for the users. In our model, a user’s probability of incurring damage (from being attacked) depends on both his security and the network security.
First, we consider cyber-insurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. If an equilibrium exists, network security is always worse relative to the no-insurance equilibrium. Though user utility may rise due to coverage of risks, total costs to society go up due to higher network insecurity.
Second, we consider insurers with full information about their users’ security. Here, user security is perfectly enforceable (at zero cost). Each insurance contract stipulates the required user security and covers the entire user damage. Still, for a significant range of parameters, network security worsens relative to the no-insurance equilibrium. Thus, although cyber-insurance improves user welfare, in general, competitive cyber-insurers may fail to improve network security.
- Book Title: Trust and Trustworthy Computing
- Book Subtitle: Third International Conference, TRUST 2010, Berlin, Germany, June 21-23, 2010. Proceedings
- pp 308-322
- Series Title: Lecture Notes in Computer Science
- Springer Berlin Heidelberg
- Copyright Holder: Springer-Verlag Berlin Heidelberg
- Editor Affiliations
- 16. Heinz College, Carnegie Mellon University
- 17. Department of Computer Science, 6211 Sudikoff Laboratory, Dartmouth College
- 18. System Security Lab, Ruhr University Bochum
- Author Affiliations
- 19. Electrical Engineering and Computer Sciences, University of California, Berkeley, Berkeley, California, 94720