Cyber-Insurance Revisited Workshop on the Economics of Information - - PowerPoint PPT Presentation


SLIDE 1

Cyber-Insurance Revisited

Workshop on the Economics of Information Security Kennedy School of Government · Harvard University 03 June 2005

Rainer Böhme, rainer.boehme@inf.tu-dresden.de
Department of Computer Science, Institute for System Architecture, 01062 Dresden, Germany

Participation in this workshop was kindly supported by a stipend from the Institute for Information Infrastructure Protection.

SLIDE 2

Structure of the Talk

1. Literature review: Why cyber-insurance is a good idea to tackle IT security risks. Incentives · Market situation · Theories

2. Contribution of this paper: Explaining immature supply of cyber-insurance with concentration in relevant equipment markets. Model · Results · Interpretation

SLIDE 3

Welfare Effects of a Market for Cyber-Insurance

Subjective rationality
· Transfer of risk: exchange of uncertain future costs for fixed expenses at present
· Manageability: constant liquidity prevents undue shortages and crises
· Quantification: premiums form a metric for the value (≠ cost) of security strength

Substantial rationality
· Incentives to innovate: more secure technologies pay off in lower premiums
· Incentives to implement effective security measures in reasonable scope: Infosec R&D, evaluation and code reviews, information sharing
· Buzzword: Total cost of ownership

Ref.: Anderson 1994, Varian 2000, Kesan et al. 2004, Schneier 2004, a.o.

SLIDE 4

Immature Market for Cyber-Insurance

Share: AIG 70%; others: Chubb, Lloyds, St. Paul, Zurich, Hartford, Ace, and others. About 2,500 contracts. Revenue 2002: 60–120 M USD.

Comparison: [Chart: premiums 2002 in billion USD (axis 6 to 30), general business liability vs. cyber-insurance]

Forecast: [Chart: cyber-insurance premiums 2002–2008 in billion USD (axis 2 to 8); optimistic forecast reaching 6 billion USD, prudent forecast reaching 2 billion USD]

Worldwide losses 2003: about 13 billion USD (worms & viruses), about 226 billion USD (all attacks)

Sources: Cashell et al. (CRS) 2004, Panko 2003, Insurance Information Institute 2004, Conning & Co 2004

SLIDE 5

How to Explain the Immature Market

Theses 1–5, each with its counter-argument:
· "New risks" lack actuarial data – Early satellite starts got coverage as well
· Difficulty to substantiate claims – Probably; can be interpreted as a combination of residual juridical risk together with high transaction costs ...
· High probability of loss – You can even insure warships at wartime
· Cyber-risks are accumulation risks – Market concentration causes correlation of claims
· Liability unsolved – Losses occur nevertheless: instead of the originator, the aggrieved party could demand coverage

Ref.: Schneier 2004, Borch 1995, Knowledge@Wharton 2001 (via news.com), CSO Magazine 2002

SLIDE 6

Recall: Economic Causes for Monoculture

· Network externalities: utility of a system increases with its market share, i.e., with the number of users of compatible devices (Metcalfe's law)
· Negligible marginal costs: low costs for additional output (e.g., copy of a software CD) enable strategic pricing and foster predatory competition
· Dependencies in complementary markets: third-party vendors of supplementary products first support the dominant platform and thus contribute to increase its attraction

Ref.: Shapiro & Varian 1999, Anderson 2001, a.o.

SLIDE 7

Liability, Risk Transfer, and Market Structure

Links to relevant literature: [Diagram of the relationships among product liability, software quality, insurance market, and market structure, with references: Kim, Chen & Mukhopadhyay 2004 (WISE); Varian 2000, Anderson 2001, and others. Our approach links the insurance market to market structure.]

SLIDE 8

Implications of Market Structure

A concentrated market structure leads to little diversity of installed systems and identical vulnerabilities; together with networking and strategic adversaries, this results in concurrent losses.

Consequences for insurance companies?

SLIDE 9

2. Explaining immature supply of cyber-insurance with concentration in equipment markets. Model · Results · Interpretation

SLIDE 10

Structure of the Domain

[Tree: Economics of Insurance (calculation of premiums, moral hazard, adverse selection) – life / indemnity – individual risk model / compound risk model]

SLIDE 11

Supply-Side Model of General Indemnity Insurance

Portfolio of n independent Bernoulli risks with probability of loss p. The total claim amount L follows a Binomial distribution B(n, p) with expected value E(L).

[Figure: claim distribution P(L = x) with E(L), the safety capital c, and the ruin probability ε marked]

The premium must comprise an additional safety loading to finance safety capital c, so that the probability of ruin of the insurance company stays below a defined upper bound ε.

SLIDE 12

Indemnity Insurance for Correlated Risks

Single-Factor Model: a systemic risk R0 (e.g., virus attack) and individual loss variables R1, R2, R3, ..., Rn (independent), with correlation ρ and total probability of loss p = const.

Formulation as composition of two Binomial distributions depending on p, n, and ρ.

[Figure: claim distributions for individual risks with ρ = .00, ρ = .15, and ρ = .30]

SLIDE 13

Demand-Side Model for Cyber-Insurance

Two-State Model of Income: income in good state I1 vs. income in bad state I0; p = 0.05; indifference curves U1, U2 according to a CRRA utility function with σ = 2.

[Plot: income in bad state against income in good state (both axes 0.0 to 1.4), showing the line of certainty, the points I0, I1 and N, the net premium, the maximum safety loading Γmax, and ΓE]

Individuals prefer lower expected income under certainty to higher expected income under uncertainty.
SLIDE 14

Results 1: Insurability of "Monocultures"

Upper bounds for correlation of claims ρ, by risk p and by risk aversion of the insurance holder (moderate: σ = 1; strong: σ = 3):

Risk p    moderate (σ = 1)            strong (σ = 3)
          I0 = 0.2   1.0    5.0       I0 = 0.2   1.0    5.0
0.01      0.11       0.04   0.01      1.00       0.20   0.03
0.05      0.55       0.19   0.05      1.00       0.89   0.16
0.10      1.00       0.37   0.09      1.00       1.00   0.31
0.20      1.00       0.73   0.18      1.00       1.00   0.60

No problem: coverage for perils with high probability of loss; highly risk-averse individuals. Explanation: the willingness to pay for these policies is generally high, so that the additional loading to compensate for the correlation remains relatively unimportant.

Problem: "small policies" against unlikely losses. These are the mass-market products that could deliver liquidity and volume to form a mature market for cyber-insurance.
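As an added worked example (not code from the talk or the paper), the two-state demand model of slides 13 and 14 carried through in Python: a CRRA utility, the certainty equivalent of the risky income, the net premium for full coverage, and the maximum safety loading Γmax the individual accepts on top of it. Incomes, loss size and loss probabilities are constructed values; the labelling of I1 as good-state and I0 as bad-state income follows slide 13, and the paper's exact Γmax formulation is not reproduced here.

```python
import math

# Two-state model of income with CRRA utility (slides 13/14). All parameter
# values below are constructed for illustration, not the slide's figures.

def crra_utility(income, sigma):
    """CRRA utility u(I) = I^(1 - sigma) / (1 - sigma); u(I) = ln(I) for sigma = 1."""
    if sigma == 1.0:
        return math.log(income)
    return income ** (1.0 - sigma) / (1.0 - sigma)

def crra_inverse(utility, sigma):
    """Inverse of crra_utility: the certain income that yields the given utility."""
    if sigma == 1.0:
        return math.exp(utility)
    return ((1.0 - sigma) * utility) ** (1.0 / (1.0 - sigma))

def certainty_equivalent(i_good, i_bad, p, sigma):
    """Certain income valued exactly as much as the lottery
    'I1 with probability 1 - p, I0 with probability p'."""
    expected_utility = ((1.0 - p) * crra_utility(i_good, sigma)
                        + p * crra_utility(i_bad, sigma))
    return crra_inverse(expected_utility, sigma)

def max_safety_loading(i_good, i_bad, p, sigma):
    """Returns (net premium, Gamma_max).  Full coverage turns the lottery into
    the certain income I1 - premium, so the largest premium accepted is
    I1 - CE.  The net (actuarially fair) premium is the expected loss
    p * (I1 - I0); Gamma_max is the surplus available as safety loading."""
    net_premium = p * (i_good - i_bad)
    willingness_to_pay = i_good - certainty_equivalent(i_good, i_bad, p, sigma)
    return net_premium, willingness_to_pay - net_premium

def loading_table(i_good, i_bad, sigma, probabilities):
    """Gamma_max for several loss probabilities: list of (p, net, Gamma_max)."""
    rows = []
    for p in probabilities:
        net, gamma = max_safety_loading(i_good, i_bad, p, sigma)
        rows.append((p, net, gamma))
    return rows

if __name__ == "__main__":
    # constructed parameters: good-state income normalised to 1, loss of 0.5
    for sigma in (1.0, 2.0, 3.0):
        print(f"sigma = {sigma}")
        for p, net, gamma in loading_table(1.0, 0.5, sigma, (0.01, 0.05, 0.2, 0.5)):
            print(f"  p={p:<5} net premium={net:.4f}  "
                  f"Gamma_max={gamma:.4f}  Gamma_max/net={gamma / net:.2f}")
```

The table printed by the block shows the demand-side half of the insurability question: the more risk-averse the holder (larger σ) and the larger the loss relative to income, the more loading the policy can carry before the individual walks away; the supply side then decides whether the loading needed to cover correlated claims fits inside that room.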

SLIDE 15

Results 2: Advantage of Diversification

Comparison of two example platforms ...
· Alternative platform A: total probability of loss p; finite portfolio size n; no correlation of losses (plausible for virus contagion)
· Dominant platform D: total probability of loss p; large portfolio size (n→∞); correlation of losses ρ > 0

SLIDE 16

Conditional Advantage of Diversification

Premiums for Dominant and Alternative Platform

[Plot: premium π (0.10 to 0.13) against the portfolio size n of the alternative platform (10 to 100000, logarithmic scale), p = 0.1. Alternative platform A is plotted at ρ = 0; dominant platform D at ρ = 0.01, 0.05, 0.1 and 0.2. The premium of A falls below that of D from a minimum portfolio size nmin on: ρ = 0.01: nmin = 5000; ρ = 0.05: nmin = 200; ρ = 0.1: nmin = 80; ρ = 0.2: nmin = 22]

SLIDE 17

Results 2: Advantage of Diversification

Comparison of two example platforms ... (alternative platform A: total probability of loss p, finite portfolio size n, no correlation of losses; dominant platform D: total probability of loss p, large portfolio size n→∞, correlation of losses ρ > 0)

Result: A minimum portfolio size of A is required before insurance premiums fall below the level of D. Market entry barrier.
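As an added worked example (not code from the talk or the paper), the supply-side model of slides 11 and 12 and the diversification comparison of slides 15–17 carried through in Python: independent Bernoulli risks with a Binomial claim count, a single-factor construction of correlated claims written as a composition of two Binomials, a safety loading that finances the capital needed to keep the ruin probability below ε, and the minimum portfolio size at which an uncorrelated alternative platform undercuts the dominant one. The particular single-factor construction, the loading rule (VaR-based safety capital financed at a cost-of-capital rate r) and every parameter value are assumptions of this example, so the nmin values it produces are not the slide's figures.

```python
import math

def binom_pmf(n, p):
    """Probability mass function of B(n, p) over x = 0..n, evaluated in log
    space (lgamma) so that large n does not underflow."""
    if n == 0:
        return [1.0]
    if p <= 0.0:
        return [1.0] + [0.0] * n
    if p >= 1.0:
        return [0.0] * n + [1.0]
    log_nfact, lp, lq = math.lgamma(n + 1), math.log(p), math.log1p(-p)
    return [math.exp(log_nfact - math.lgamma(x + 1) - math.lgamma(n - x + 1)
                     + x * lp + (n - x) * lq) for x in range(n + 1)]

def total_claims_pmf(n, p, rho):
    """Distribution of the total claim count L for n Bernoulli(p) risks with
    pairwise claim correlation rho.  Single-factor construction (an assumption
    of this example, not necessarily the paper's formulation): each risk copies
    a systemic indicator R0 ~ Bernoulli(p) with probability sqrt(rho) and is an
    independent Bernoulli(p) otherwise.  With K ~ B(n, sqrt(rho)) followers,
    L = B(n - K, p) + R0 * K: a composition of two Binomials in p, n and rho."""
    share = math.sqrt(rho)
    dist = [0.0] * (n + 1)
    for k, pk in enumerate(binom_pmf(n, share)):
        if pk < 1e-16:          # negligible term, skip the inner convolution
            continue
        for x, px in enumerate(binom_pmf(n - k, p)):
            dist[x] += pk * (1.0 - p) * px      # R0 = 0: followers stay loss-free
            dist[x + k] += pk * p * px          # R0 = 1: all K followers claim
    return dist

def quantile(pmf, q):
    """Smallest x with P(L <= x) >= q."""
    cum = 0.0
    for x, px in enumerate(pmf):
        cum += px
        if cum >= q:
            return x
    return len(pmf) - 1

def premium(n, p, rho, eps, r):
    """Per-policy premium = expected loss p + safety loading.  The loading
    finances the safety capital c = VaR_(1-eps)(L) - E(L) that keeps the ruin
    probability below eps; capital costs r per unit (assumed cost-of-capital
    rate) and that cost is spread over the n policies."""
    c = quantile(total_claims_pmf(n, p, rho), 1.0 - eps) - n * p
    return p + r * c / n

def premium_dominant_limit(p, rho, eps, r):
    """n -> infinity limit for the dominant platform.  Under the construction
    L/n converges to p*(1 - s) + s*R0 with s = sqrt(rho), so the (1 - eps)
    quantile is p*(1 - s) + s when eps < p and p*(1 - s) otherwise."""
    s = math.sqrt(rho)
    q = p * (1.0 - s) + (s if eps < p else 0.0)
    return p + r * (q - p)

def min_portfolio_size(p, rho_dominant, eps, r, n_max=500):
    """Smallest n at which an uncorrelated alternative platform A is insured at
    a premium no higher than the dominant platform D (n -> infinity, rho > 0).
    Returns None when no n <= n_max qualifies."""
    target = premium_dominant_limit(p, rho_dominant, eps, r)
    for n in range(1, n_max + 1):
        if premium(n, p, 0.0, eps, r) <= target:
            return n
    return None

if __name__ == "__main__":
    P, EPS, R = 0.1, 0.01, 0.1        # constructed parameters
    for rho in (0.0, 0.01, 0.05, 0.1, 0.2):
        print(f"rho={rho:<5} premium(n=200)={premium(200, P, rho, EPS, R):.4f}"
              f"  limit n->inf={premium_dominant_limit(P, rho, EPS, R):.4f}"
              f"  nmin(A)={min_portfolio_size(P, rho, EPS, R)}")
```

Under the construction the variance of L equals n p(1−p)(1 + (n−1)ρ), the standard form for exchangeable risks with pairwise correlation ρ, which is a quick check that the composition really encodes ρ. The search in min_portfolio_size is exact rather than simulated, so at small n the integer-valued quantile produces a visible staircase in the premium, and for ρ = 0 no finite n qualifies because the loading of A can never reach zero.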

SLIDE 18

Implications

Frame: Favorable economic effects. Cyber-insurance moderates IT security investment, reduces residual risk, and creates incentives for R&D.

Thesis 1: Shortage of supply due to market structure. Though demand for cyber-insurance exists, a monoculture of installed systems may thwart a market equilibrium.

Thesis 2: Reciprocity of interventions. Since market structure in the equipment market and conditions for cyber-insurance are linked, regulatory policies supporting cyber-insurance might cause a shift in market shares.

SLIDE 19

Can Premiums Steal the Thunder of Market Power?

[Figure: a scale weighing the drivers of concentration (network externalities, marginal costs, complementary markets) against the premium benefit]

Does cyber-insurance, as pricing mechanism for security properties, outweigh the strong drivers to market concentration?

SLIDE 20

Limitations

Comparison of platforms
· Market position is likely to influence total probability of loss
· Inclusion of transaction and monitoring costs might reveal advantages for the market leader (Metcalfe ... again!)

Demand-side model
· Partial coverage not regarded
· Restricted to one class of utility functions (CRRA)
· Difficulty to quantify losses left out

Supply-side model
· Naive selection of Bernoulli risks
· Measure of dependence (correlation) unrealistic
· Individual risk approach hinders empirical substantiation

Further interdisciplinary research needed

SLIDE 21

Conclusion

"A trusted component or system is one which you can insure."
Ross Anderson, ESORICS 1994

Shown here: trustworthiness – insurability – market structure

SLIDE 22

Q&A

Rainer Böhme Institute for System Architecture rainer.boehme@inf.tu-dresden.de

Discussion Thanks for your attention.