Attack-Aware Cyber Insurance for Risk Sharing in Computer Networks

摘要

Cyber insurance has been recently shown to be a promising mechanism to mitigate losses from cyber incidents, including data breaches, business interruption, and network damage. A robust cyber insurance policy can reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures and the implementation of best practices of the users. To achieve these goals, we first establish a cyber insurance model that takes into account the complex interactions between users, attackers and the insurer. A games-in-games framework nests a zero-sum game in a moral-hazard game problem to provide a holistic view of the cyber insurance and enable a systematic design of robust insurance policy. In addition, the proposed framework naturally captures a privacy-preserving mechanism through the information asymmetry between the insurer and the user in the model. We develop analytical results to characterize the optimal insurance policy and use network virus infection as a case study to demonstrate the risk-sharing mechanism in computer networks.