Design, Demonstration, and Evaluation of an Information Security Contract and Trading Mechanism to Hedge Information Security Risks

  • Conference paper
Security and Trust Management (STM 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9331)

Abstract

Cyber-insurance products are the only financial instrument available as a risk-transfer mechanism in the information security domain. Furthermore, cyber-insurance markets are unable or unwilling to facilitate the transfer of risks, particularly those with a high probability and high intensity of loss. Thus, there is a need for a new mechanism to address the variety of information security risks. This article addresses the shortcomings in the existing information security risk hedging market. The article presents a financial instrument and a corresponding trading mechanism to be used for risk hedging in an information security prediction market. The article also uses an imaginary case to demonstrate the application of the contract. Furthermore, it presents an evaluation of how useful the contract and trading mechanism are in hedging the underlying risks. In our analysis, we found that information security contracts can be a solution (at least to some extent) to the problems in the existing risk hedging mechanisms in the information security domain.

Corresponding author

Correspondence to Pankaj Pandey.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Pandey, P., De Haes, S. (2015). Design, Demonstration, and Evaluation of an Information Security Contract and Trading Mechanism to Hedge Information Security Risks. In: Foresti, S. (eds) Security and Trust Management. STM 2015. Lecture Notes in Computer Science, vol 9331. Springer, Cham. https://doi.org/10.1007/978-3-319-24858-5_19

  • DOI: https://doi.org/10.1007/978-3-319-24858-5_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24857-8

  • Online ISBN: 978-3-319-24858-5

  • eBook Packages: Computer Science (R0)
