Using Prediction Markets to Hedge Information Security Risks
- Cite this paper as:
- Pandey P., Snekkenes E.A. (2014) Using Prediction Markets to Hedge Information Security Risks. In: Mauw S., Jensen C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham
Devising a successful risk mitigation plan requires estimation of risk and loss impact. However, the information security industry suffers from the problem of information asymmetry, thus leading to not-so correct estimates for risk and loss impact. Prediction markets have been found to be highly effective in the prediction of future events in several domains such as politics, sports, governance, and so on. Also, many organizations such as Google, General Electric, Hewlett Packard, and others have used prediction markets to forecast various business management issues. Based on the application of prediction markets in other domains and various types of financial markets discussed in the literature, such as macro-markets, weather derivatives and economic derivative markets, we hypothesize that: (i) a well-designed prediction market can be used for risk estimation and estimation of loss impact in information security domain. This will help the decision makers in adopting appropriate risk mitigation strategy; (ii) Prediction markets can further be useful in hedging information security risks by allowing trading of financial instruments linked to the risk of information security events. In this paper, we explore the possibility of information security market where financial and insurance-linked instruments can be traded to facilitate the mitigation of a substantial proportion (if not all) of the information security risk. We present the key design issues relevant to the market for trading of information security related financial instruments. Further, we present a risk assessment of such a market’s relevance to its usefulness in hedging information security risks.
Unable to display preview. Download preview PDF.