Game Theory for Networks. 7th International EAI Conference, GameNets 2017 Knoxville, TN, USA, May 9, 2017, Proceedings

Research Article

Designing Cyber Insurance Policies: Mitigating Moral Hazard Through Security Pre-Screening

Download
333 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-67540-4_6,
        author={Mohammad Khalili and Parinaz Naghizadeh and Mingyan Liu},
        title={Designing Cyber Insurance Policies: Mitigating Moral Hazard Through Security Pre-Screening},
        proceedings={Game Theory for Networks. 7th International EAI Conference, GameNets 2017 Knoxville, TN, USA, May 9, 2017, Proceedings},
        proceedings_a={GAMENETS},
        year={2017},
        month={9},
        keywords={},
        doi={10.1007/978-3-319-67540-4_6}
    }
    
  • Mohammad Khalili
    Parinaz Naghizadeh
    Mingyan Liu
    Year: 2017
    Designing Cyber Insurance Policies: Mitigating Moral Hazard Through Security Pre-Screening
    GAMENETS
    Springer
    DOI: 10.1007/978-3-319-67540-4_6
Mohammad Khalili1,*, Parinaz Naghizadeh1,*, Mingyan Liu1,*
  • 1: University of Michigan
*Contact email: khalili@umich.edu, naghizad@umich.edu, mingyan@umich.edu

Abstract

Cyber-insurance has been studied as both a method for risk-transfer, as well as a potential incentive mechanism for improving the state of cyber-security. However, in the absence of regulated insurance markets or compulsory insurance, the introduction of insurance deteriorates network security. This is because by transferring part of their risk to the insurer, the insured agents can decrease their levels of effort. In this paper, we consider the design of insurance contracts by an (unregulated) profit-maximizing insurer, and allow for voluntary participation. We propose the use of pre-screening to offer premium discounts to higher effort agents. We show that such premium discrimination not only helps the insurer attain higher profits, but also leads the agents to improve their efforts. We show that with interdependent agents, the incentivized improvement in efforts can compensate for the effort reduction resulting from risk transfer, thus improving the state of network security over the no-insurance scenario. In other words, the availability of pre-screening signals benefits both the insurer, as well as the state of network security, without the need to regulate the market or compulsory participation.