$\mathtt{FlipIn}$ : A Game-Theoretic Cyber Insurance Framework for Incentive-Compatible Cyber Risk Management of Internet of Things

While data theft and cyber risk are major threats facing organizations, existing research suggests that most organizations do not have sufficient protection to prevent data breaches, deal with notification responsibilities, and comply with privacy laws. This article explores how insurance companies play a critical, yet unrecognized, role in assisting organizations in complying with privacy laws and dealing with cyber theft. My analysis draws from and contributes to two literatures on organizational compliance: new institutional organizational sociology studies of how organizations respond to legal regulation and sociolegal insurance scholars' research on how institutions govern through risk. Through participant observation at conferences, interviews, and content analysis of insurer manuals and risk management services, my study highlights how insurers act as compliance managers for organizations dealing with cyber security threats. Well beyond pooling and transferring risk, insurance companies offer cyber insurance and unique risk management services that influence the ways organizations comply with privacy laws.

Download Full-text

Cyber Risk Management with Risk Aware Cyber-Insurance in Blockchain Networks

2018 IEEE Global Communications Conference (GLOBECOM) ◽

10.1109/glocom.2018.8648141 ◽

2018 ◽

Author(s):

Shaohan Feng ◽

Zehui Xiong ◽

Dusit Niyato ◽

Ping Wang ◽

Shaun Shuxun Wang ◽

...

Keyword(s):

Risk Management ◽

Cyber Insurance ◽

Cyber Risk

Download Full-text

Cyber Risk in IoT Systems

10.20944/preprints201903.0104.v1 ◽

2019 ◽

Cited By ~ 2

Author(s):

Petar Radanliev ◽

David Charles De Roure ◽

Carsten Maple ◽

Jason R.C. Nurse ◽

Razvan Nicolescu ◽

...

Keyword(s):

Risk Assessment ◽

Risk Management ◽

Internet Of Things ◽

The Internet ◽

Incident Response ◽

Open Questions ◽

Response And Recovery ◽

Management Approaches ◽

Cyber Risk ◽

The Internet Of Things

In this paper we present an understanding of cyber risks in the Internet of Things (IoT), we explain why it is important to understand what IoT cyber risks are and how we can use risk assessment and risk management approaches to deal with these challenges. We introduce the most effective ways of doing Risk assessment and Risk Management of IoT risk. As part of our research, we also developed methodologies to assess and manage risk in this emerging environment.  This paper will take you through our research and we will explain: what we mean by the IoT; what we mean by risk and risk in the IoT; why risk assessment and risk management are important; the IoT risk management for incident response and recovery; what open questions on IoT risk assessment and risk management remain.

Download Full-text

Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm

Risks ◽

10.3390/risks9010024 ◽

2021 ◽

Vol 9 (1) ◽

pp. 24

Author(s):

Alessandro Mazzoccoli ◽

Maurizio Naldi

Keyword(s):

Risk Management ◽

Cyber Security ◽

Management Strategies ◽

Limited Liability ◽

Optimal Investment ◽

Cyber Insurance ◽

Risk Management Strategies ◽

Cyber Risk ◽

Investment Choices ◽

Very High

Investments in security and cyber-insurance are two cyber-risk management strategies that can be employed together to optimize the overall security expense. In this paper, we provide a closed form for the optimal investment under a full set of insurance liability scenarios (full liability, limited liability, and limited liability with deductibles) when we consider a multi-branch firm with correlated vulnerability. The insurance component results to be the major expense. It ends up being the only recommended approach (i.e., setting zero investments in security) when the intrinsic vulnerability is either very low or very high. We also study the robustness of the investment choices when our knowledge of vulnerability and correlation is uncertain, concluding that the uncertainty induced on investment by either uncertain correlation or uncertain vulnerability is not significant.

Download Full-text

What Risk Prevention Measures Can I Use?

10.1093/oso/9780197526545.003.0006 ◽

2021 ◽

pp. 104-131

Author(s):

Gregory Falco ◽

Eric Rosenbach

Keyword(s):

Risk Management ◽

Internet Of Things ◽

Risk Prevention ◽

Prevention Measures ◽

Data Governance ◽

Specific System ◽

Intrusion Prevention ◽

Industrial Internet ◽

Cyber Risk

The question “What risk prevention measures can I use?” describes how to reduce the likelihood of a cyberattack on your organization. The chapter begins with a case study on the SolarWinds hack exemplifying how prevention measures on a specific system, network, or data cannot be effective on their own. The chapter describes why cyber risk management needs to be embedded across all facets of the organization, and how the Embedded Endurance strategy can help readers achieve that. It reviews system security prevention measures that include patch management and antivirus software. It explains network security prevention measures, including intrusion detection and intrusion prevention systems. The chapter also describes data risk prevention measures such as data governance, encryption, and data loss prevention technology, and highlights the importance of physical security for reducing cyber risk. The chapter concludes with Falco’s Embedded Endurance strategy insight on risk prevention gained at his industrial Internet-of-Things security company.

Download Full-text

Advancing Cyber Risk Insurance Underwriting Model Risk Management beyond VaR to Pre-Empt and Prevent the Forthcoming Global Cyber Insurance Crisis

SSRN Electronic Journal ◽

10.2139/ssrn.3081492 ◽

2017 ◽

Cited By ~ 1

Author(s):

Yogesh Malhotra

Keyword(s):

Risk Management ◽

Model Risk ◽

Cyber Insurance ◽

Risk Insurance ◽

Cyber Risk

Download Full-text

How Do I Embed Cyber Risk Management in All Aspects of the Organization?

10.1093/oso/9780197526545.003.0008 ◽

2021 ◽

pp. 160-172

Author(s):

Gregory Falco ◽

Eric Rosenbach

Keyword(s):

Risk Management ◽

Real World ◽

Mitigation Measures ◽

Critical Systems ◽

The Real ◽

Cyber Insurance ◽

Risk Framework ◽

Strategic Goals ◽

Cyber Risk

The question “How do I embed cyber risk management in all aspects of the organization?” addresses how to adopt an Embedded Endurance cyber risk strategy in your day-to-day work as a cyber leader. The chapter begins with a case study about the NotPetya cyberattack, which highlights ongoing challenges in cyber insurance and illuminates the need for embedding cyber mitigation measures across all prioritized critical systems, networks, and data. The chapter describes how to develop an Embedded Endurance cyber risk strategy that is customized for your organization. This chapter walks readers through the key elements of a cyber strategy, from start to finish. This includes defining a risk framework, setting strategic goals, identifying metrics, and establishing strong leadership. The chapter concludes with experiences highlighting the real-world importance of an Embedded Endurance cyber risk strategy from Rosenbach and Falco.

Download Full-text

Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management

Future Internet ◽

10.3390/fi12090157 ◽

2020 ◽

Vol 12 (9) ◽

pp. 157

Author(s):

In Lee

Keyword(s):

Risk Management ◽

Internet Of Things ◽

Financial Resources ◽

Proof Of Concept ◽

Linear Programming Method ◽

Iot Security ◽

Management Framework ◽

Risk Management Framework ◽

Cyber Risk ◽

The Internet Of Things

Along with the growing threat of cyberattacks, cybersecurity has become one of the most important areas of the Internet of Things (IoT). The purpose of IoT cybersecurity is to reduce cybersecurity risk for organizations and users through the protection of IoT assets and privacy. New cybersecurity technologies and tools provide potential for better IoT security management. However, there is a lack of effective IoT cyber risk management frameworks for managers. This paper reviews IoT cybersecurity technologies and cyber risk management frameworks. Then, this paper presents a four-layer IoT cyber risk management framework. This paper also applies a linear programming method for the allocation of financial resources to multiple IoT cybersecurity projects. An illustration is provided as a proof of concept.

Download Full-text

Cyber Risk. The New Enemy for Risk Management in the Age of Globalisation

MANAGEMENT CONTROL ◽

10.3280/maco2018-su2007 ◽

2018 ◽

pp. 135-155 ◽

Cited By ~ 2

Author(s):

Chiara Crovini ◽

Giovanni Ossola ◽

Pier Luigi Marchini

Keyword(s):

Risk Management ◽

Cyber Risk

Download Full-text