Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
CYBER-INSURANCE REVISITED
1
Cyber-Insurance Revisited
Workshop on the Economics of Information SecurityKennedy School of Government · Harvard University03 June 2005
Rainer Bö[email protected]
Department of Computer ScienceInstitute for System Architecture01062 Dresden, Germany
Participation in this workshop was kindly supported by a stipend from the Institute for Information Infrastructure Protection.
CYBER-INSURANCE REVISITED
2 2
Literature reviewWhy cyber-insurance is a good ideato tackle IT security risks
Incentives · Market situation · Theories
Structure of the Talk
Contribution of this paperExplaining immature supply of cyber-insurance with concentration in relevant equipment markets
Model · Results · Interpretation
1
CYBER-INSURANCE REVISITED
3
Transfer of riskExchange of uncertain future costs to fixed expenses at present
Welfare Effects of a Market for Cyber-Insurance
Subjective rationality
Manageability Constant liquidity prevents undue shortages and crises
QuantificationPremiums form a metric for the value (≠cost) of security strength
Substantial rationality
Incentives to innovateMore secure technologies pay off in lower premiums Buzzword: Total cost of ownership
Incentives to implementeffective security measures in reasonable scope
Infosec R&DEvaluation and code reviews, information sharing
Ref.: Anderson 1994, Varian 2000, Kesan et al. 2004, Schneier 2004, a.o.
CYBER-INSURANCE REVISITED
4
Immature Market for Cyber-Insurance
Share Comparison Forecast
AIG 70%
Others: Chubb, Lloyds,St. Paul, Zurich, Hartford, Ace u.a.
about 2.500 contracts
Revenue 2002: 60–120 M USD
Sources: Cashell et al. (CRS) 2004, Panko 2003, Insurance Information Institute 2004, Conning & Co 2004
0
6
12
18
24
30billion USD premiums 2002
general businessliability
cyber-insurance
0
2
3
5
6
8
2002 2004 2006 2008
billion USD
6 billion USD
2 billion USD
optimistic forecast
prudent forecast
Worldwide losses 2003:· about 13 billion USD (worms & viruses)· about 226 billion USD (all attacks)
CYBER-INSURANCE REVISITED
5
Liability unsolvedLosses occur nevertheless: instead of the originator, the aggrieved party could demand coverage
How to Explain the Immature Market
Thesis 1:
Thesis 2:
Thesis 3:
Thesis 4:
Thesis 5:
Ref.: Schneier 2004, Borch 1995, Knowledge@Wharton 2001 (via news.com), CSO Magazine 2002
“New risks” lack actuarial data Early satellite starts got coverage as well
Difficulty to substantiate claimsProbably – can be interpreted as combination of residual juridical risk together with high transaction costs ...
High probability of lossYou can even insure warships at wartime
Cyber-risks are accumulation risks Market concentration causes correlation of claims
CYBER-INSURANCE REVISITED
6
Recall: Economic Causes for Monoculture
Ref.: Shapiro & Varian 1999, Anderson 2001, a.o.
Dependencies in complementary marketsThird-party vendors of supplementary products first support the dominant platform and thus contribute to increase its attraction
Negligible marginal costsLow costs for additional output (e.g., copy of a software CD) enables strategic pricing and fosters predatory competition
Network externalitiesUtility of a system increases with its market share, i.e., with the number of users of compatible devices (Metcalfe’s law)
CYBER-INSURANCE REVISITED
7
Liability, Risk Transfer, and Market Structure
Links to relevant literature
Our approach:
software qualityinsurance marketmarket structure –
Kim, Chen & Mukhopadhyay, 2004 (WISE)
product liablility software quality
market structure
–⊗
Varian 2000, Anderson 2001, and others
product liability insurance market software quality+ +
CYBER-INSURANCE REVISITED
8
Implications of Market Structure
concentratedmarket structure
Consequences forinsurance companies?
concurrentlosses
little diversity of installed
systems
identicalvulnerabilities
networking strategicadversaries
+
CYBER-INSURANCE REVISITED
9
2 Explaining immature supply of cyber-insurance
with concentration in equipment markets
Model · Results · Interpretation
CYBER-INSURANCE REVISITED
10
Structure of the Domain
Economics of Insurance
calculation of premiumsmoral
hazardadverseselection
life indemnity
individualrisk model
compoundrisk model
CYBER-INSURANCE REVISITED
11
Supply-Side Model of General Indemnity Insurance
Portfolio of n independent Bernoulli-risks with probability of loss p.Expected total claim amount E(L) follows a Binomial distribution B(n,p).
P(L=x)
n0 E(L)
ε
c
Premium must comprise additional safety loading to finance safety capital c, so that the probability of ruin of the insurance company keeps below a defined upper bound ε.
CYBER-INSURANCE REVISITED
individualrisks
(independent)
Total probability of loss p = const
ρ = .15
12
Indemnity Insurance for Correlated Risks
R1
R2
R3
Rn
...individual loss
variables
Single-Factor-Model
R0
systemicrisk
(e.g., virus attack)
correlationρ
ρ = .00
Formulation as compositionof two Binomial distributions depending on p, n, and ρ.
ρ = .30
CYBER-INSURANCE REVISITED
13
Demand-Side Model for Cyber-Insurance
Two-State Model of Income
●
0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4
0.0
0.2
0.4
0.6
0.8
1.0
1.2
1.4
p = 0.05
Income in bad state
Inco
me
in g
ood
stat
e
I 0
I1 N
U1
U2
σ = 2
Indifference curves according to CRRA
utility function
Individuals prefer · lower expected income · under certainty to · higher expected income · under uncertainty
•Γmax
line of certainty
•ΓEnet premium
max. safety loading
CYBER-INSURANCE REVISITED
No problem· Coverage for perils with high probability of loss· High risk averse individuals
Explanation: The willingness to pay for these policies is generally high so that additional loading to compensate for the correlation remains relatively unimportant.
Problem· “Small policies” against unlikely losses
These are the mass market products that could deliver liquidity and volume to form a mature market for cyber-insurance
14
Results 1: Insurability of “Monocultures”
Upper bounds for correlation of claims ρ
Risk p I0 = 0.2 1.0 5.0 0.2 1.0 5.0
0.01 0.11 0.04 0.01 1.00 0.20 0.03
0.05 0.55 0.19 0.05 1.00 0.89 0.16
0.10 1.00 0.37 0.09 1.00 1.00 0.31
0.20 1.00 0.73 0.18 1.00 1.00 0.60
moderate (!=1) strong (!=3)
Risk aversion of insurance holder
CYBER-INSURANCE REVISITED
15
Results 2: Advantage of Diversification
Alternative platform A· Total probability of loss p· Finite portfolio size n· No correlation of losses (plausible for virus contagion)
Dominant platform D· Total probability of loss p· Large portfolio size (n→∞)· Correlation of losses ρ > 0
Comparison of two example platforms ...
CYBER-INSURANCE REVISITEDPremiums for Dominant and Alternative Platform
16
Conditional Advantage of Diversification
Portfolio size of alternative platform n
Prem
ium
π
0.10
0.11
0.12
0.13
10 100 1000 10000 100000
πρ=0
p = 0.1
D dominant
A alternative
πρ=0.01nmin = 5000+
πρ=0.2nmin = 22+
πρ=0.1nmin = 80+
πρ=0.05nmin = 200+
CYBER-INSURANCE REVISITED
17
Results 2: Advantage of Diversification
Alternative platform A· Total probability of loss p· Finite portfolio size n· No correlation of losses (plausible for virus contagion)
Dominant platform D· Total probability of loss p· Large portfolio size (n→∞)· Correlation of losses ρ > 0
Comparison of two example platforms ...
Result: A minimum portfolio size of A is required before insurance premiums fall below the level of D.
Market entry barrier
CYBER-INSURANCE REVISITED
18
Implications
Favorable economic effectsCyber-insurance moderates IT security investment, reduces residual risk, and creates incentives for R&D.
Frame:
Shortage of supply due to market structureThough demand for cyber-insurance exists, a monoculture of installed systems may thwart a market equilibrium.
Thesis 1:
Reciprocity of interventionsSince market structure in the equipment market and conditions for cyber-insurance are linked, regulatory policies supporting cyber-insurance might cause a shift in market shares.
Thesis 2:
CYBER-INSURANCE REVISITED
19
Can Premiums Steal the Thunder of Market Power?
Netw
ork
exte
rnal
ities
Mar
gina
lco
sts
Com
plem
enta
ry
m
arke
ts
Prem
ium
bene
fit
Does cyber-insurance, as pricing mechanism for security properties, outweigh the strong drivers to market concentration?
CYBER-INSURANCE REVISITED
20
Limitations
Comparison of platforms· Market position is likely to influence total probability of loss· Inclusion of transaction and monitoring costs might reveal advantages for the market leader (Metcalfe ... again!)
Demand-side model· Partial coverage not regarded· Restricted to one class of utility functions (CRRA)· Difficulty to quantify losses left out
Supply-side model· Naive selection of Bernoulli risks· Measure of dependence (correlation) unrealistic · Individual risk approach hinders empirical substantiation
Further interdisciplinary research needed
CYBER-INSURANCE REVISITED
21
Conclusion
“A trusted component or system is one which you can insure.”
Ross Anderson, ESORICS 1994
trustworthinessinsurability
market structureShown here:
CYBER-INSURANCE REVISITED
22
Q&A Rainer BöhmeInstitute for System [email protected]
Discussion
Thanks for your attention.