Using Prediction Markets to Hedge Information Security Risks

  • Pankaj Pandey
  • Einar Arthur Snekkenes
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8743)

Abstract

Devising a successful risk mitigation plan requires estimating both risk and loss impact. However, the information security industry suffers from information asymmetry, which leads to inaccurate estimates of risk and loss impact. Prediction markets have been found to be highly effective at predicting future events in several domains, such as politics, sports, and governance. Many organizations, such as Google, General Electric, and Hewlett Packard, have also used prediction markets to forecast various business management issues. Based on the application of prediction markets in other domains and on the various types of financial markets discussed in the literature, such as macro-markets, weather derivatives and economic derivative markets, we hypothesize that: (i) a well-designed prediction market can be used for risk estimation and estimation of loss impact in the information security domain, which will help decision makers adopt an appropriate risk mitigation strategy; and (ii) prediction markets can further be useful in hedging information security risks by allowing trading of financial instruments linked to the risk of information security events. In this paper, we explore the possibility of an information security market where financial and insurance-linked instruments can be traded to facilitate the mitigation of a substantial proportion (if not all) of the information security risk. We present the key design issues relevant to a market for trading information security related financial instruments. Further, we present a risk assessment of such a market’s relevance to its usefulness in hedging information security risks.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Pankaj Pandey (1)
  • Einar Arthur Snekkenes (1)
  1. Norwegian Information Security Lab, Gjøvik University College, Norway
