supporting cyberinsurance from a behavioural choice
play

Supporting Cyberinsurance from a Behavioural Choice Perspective Dr. - PowerPoint PPT Presentation

Sep 18, 2023 •529 likes •968 views

Supporting Cyberinsurance from a Behavioural Choice Perspective Dr. Katsiaryna (Kate) Labunets 1 Outline Who am I? Definitions Project details Research questions 2 Dr. Kate Labunets MSc in Mathematics PhD Candidate

  1. Supporting Cyberinsurance from a Behavioural Choice Perspective Dr. Katsiaryna (Kate) Labunets 1

  2. Outline • Who am I? • Definitions • Project details • Research questions 2

  3. Dr. Kate Labunets MSc in Mathematics PhD Candidate Postdoc in Cyber insurance Belarusian State University, University of Trento, Italy TBM, TU Delft, Netherlands Minsk, Belarus Nov 2011 - April 2016 June 2017 - Present 2004 - 2010 Business Systems Analyst Postdoc in Empirical Security Outsourcing software development DISI, University of Trento, Italy company in Minsk, Belarus June 2016 - May 2017 2008 - 2011 3

  4. Research background • PhD Thesis : Security Risk Assessment (SRA) Methods: An Evaluation Framework and Theoretical Model of the Criteria Behind Methods’ Success. • Research interests : security risk assessment, cyber insurance, empirical methods, comprehensibility of risk models 4

  5. Definitions 5

  6. Definitions [1/2] • Risk is the likelihood of an incident and its impact for an asset (e.g., organizational processes, functions, reputation). • Cyberspace is the complex environment resulting from the interaction of people, software and services on the Internet, supported by worldwide distributed physical information and communications technology (ICT) devices and connected networks. [ISO 27032] Cyberspace + Risk = Cyber Risk 6

  7. Definitions [2/2] • Cyber insurance (CI) is "protection against losses related to cyber risks, such as data theft/loss, business interruption caused by a computer malfunction or virus, and fines or lost income because of system downtime, network intrusion and/or information security breaches" [Gartner, 2015]. • Insured is a "party that asks for insurance and would like to transfer its risk" [Marotta et al., 2017]. • Insurer (insurance company) is a "party that assumes risks of another party in exchange for payment" [Marotta et al., 2017]. Gartner, “ Five Tips for Companies Considering Cyber Insurance, ” 2015. Available: http://blogs.gartner.com/john-wheeler/five-tips-for-companies- considering-cyber-insurance/ Marotta et al., "Cyber-insurance survey". Computer Science Review , 2017 7

  8. CYBECO project 8

  9. Motivation [1/3] World Economic Forum "The Global Risks Interconnections Map 2017". Link: 9 http://reports.weforum.org/global-risks-2017/global-risks-landscape-2017/

  10. Motivation [1/3] World Economic Forum "The Global Risks Interconnections Map 2017". Link: 10 http://reports.weforum.org/global-risks-2017/global-risks-landscape-2017/

  11. Motivation [1/3] World Economic Forum "The Global Risks Interconnections Map 2017". Link: 11 http://reports.weforum.org/global-risks-2017/global-risks-landscape-2017/

  12. Motivation [2/3] Extreme cyber-attack could cost as much as Superstorm Sandy in 2012: $53bn of economic losses Lloyd's, “Counting the cost: cyber exposure decoded”, 2017. https://goo.gl/fSFq9B 12

  13. Motivation [3/3] Demand is growing Advisen, “Information Security and Cyber Liability Risk Management”, 2015. http://bit.ly/1M9Gyp0 13

  14. Challenges • Dealing with intelligent adversaries and intentionality – Not well covered in standard cyber risk management • Lack of data about cyber attacks – new regulations are coming (in 2018) • General Data Protection Regulation (GDPR) • Directive on security of network and information systems (NIS) – alleviate by using Structured Expert Judgment • Poor support of cyber insurance within current cyber risk management frameworks • Poor guidance and lack of a proper information for companies looking for cyber insurance 14

  15. Project details • Title: Supporting Cyberinsurance from a Behavioural Choice Perspective • Duration: May 2017 - April 2019 (2 years) • Program: H2020 • 7 partners: – 1 coordinator company (Greece), – 2 universities (NL + UK), – 2 scientific companies (both from Spain), – 1 software development company (supposed to be from Luxembourg, but in reality... Greece ), – 1 cyber insurance provider (AXA France) 15

  16. The structure of CYBECO goals Choice behaviour Choice behaviour Choice behaviour of insurance of cyber threats of IT owners companies Risk generation Risk Insurance Risk assessment contracts transfer Risk reduction 16

  17. CYBECO objectives [1/2] • Understand better how the CI ecosystem works in practice – key driver behind decision making process when insureds buy CI, – behavioural aspects in CI ecosystem (e.g., how company's behaviour changes when they have a CI) . • Identify possible gaps in the key directives, standards and services in order to improve CI practice. 17

  18. CYBECO objectives [2/2] • Provide a tool support for security risk management with – new models that incorporate CI, – behavioural nudges in cyber security and insurance. 18

  19. Cyber insurance ecosystem 19

  20. RQ1: How CI ecosystem works [1/3] ● [RQ1.1] What are the key (behavioural) drivers for buying CI? ○ Initial interview + a large scale survey with two groups of companies: ■ already bought CI ■ failed to buy CI (i.e. they considered this option) 20

  21. Somebody ? might go IT company to jail Cyber risk Do you want to Company may buy a cyber Decision lose money or insurance? reputation Everybody Cyber has a cyber insurance insurance policy 21

  22. RQ1: How CI ecosystem works [2/3] ● [RQ1.2] What are the relations between risk level, client's behavior, CI policy and premiums? ○ Agent based modeling (ABM) 22

  23. ABM for Cyber Security [1/2] MSc thesis: "The Vulnerability Ecosystem: Exploring vulnerability discovery and the resulting cyberattacks through agent-based modelling" by Y. Breukers 23

  24. ABM for Cyber Security [2/2] 24

  25. RQ1: How CI ecosystem works [3/3] ● [RQ1.3] How risk perception affects insured's decision on buying CI? ○ Behavioural experiments based on ■ prospect theory ■ protection motivation theory 25

  26. Prospect theory People make decision based on the potential value of losses and gains Wikipedia "Prospect theory". Link: https://en.wikipedia.org/wiki/Prospect_theory 26

  27. Protection motivation theory People protect themselves based on four factors: a. the perceived severity of a threatening event, b. the perceived probability of the occurrence, or vulnerability, c. the efficacy of the recommended preventive behavior, d. the perceived self efficacy. Wikipedia "Protection Motivation Theory". Link: https://en.wikipedia.org/wiki/Protection_motivation_theory 27

  28. RQ2: CI policy complexity How the complexity of the policy affects insured's decision to buy CI? Simple Complex and vs. and cheap expensive HDI Cyber insurance https://www.hdi.global/nl/nl/insurance/cyber AIG CyberEdge 28 https://www.aiginsurance.nl/bedrijf/producten/financieel-lijnen/cyberedge

  29. RQ2: Simple policy HDI Global offers Internetbankierfraudeverzekering , a cyber insurance which covers the losses only from online banking fraud Premiums Deductibles HDI Cyber insurance https://www.hdi.global/nl/nl/insurance/cyber 29

  30. RQ2: Complex policy [1/2] • AIG group offers CyberEdge insurance policy that covers: – 3rd party security and privacy claims, – network business interruption, – security failure at outsourced service provider, – electronic data incidents, – cyber extortion, – etc. 30

  31. RQ2: Complex policy [2/2] Deductibles Premiums AIG CyberEdge https://www.aiginsurance.nl/bedrijf/producten/financieel-lijnen/cyberedge 31

  32. More than cyber insurance "Insurance institutions are doing something more than transferring risk—they are actively managing the underlying risk of data breach." [Talesh, 2017] Talesh, "Data Breach, Privacy, and Cyber Insurance: How Insurance Companies Act as “Compliance Managers” for Businesses". Law & Social Inquiry , 2017 32

  33. RQ3: Risk management • What can motivate insureds to maintain a certain level of security? – Premium discounts as an incentive to implement recommended security controls • How to link premiums reduction to security controls to have a better risk reduction? – Select controls that differentiate between clients (10-70%) – Data-driven selection based on the available information about incidents and implemented (or absent) security controls 33

  34. RQ4: Interdependent security • How the implementation of a particular security control affects the risk level of other insureds? – Better security of one insured => higher risk level for others? – Is the overall level of a specific risk constant to some extent? – Where to use adversarial risk models or probabilistic models Agent-based modeling + empirical validation 34

  35. RQ5: Low-cost security evaluation • What is a cheap alternative to a thorough (and expensive) security risk assessment? – Questionnaire-based evaluation • Is it effective for cyber insurance? – Rank insureds based on information about companies that reported security incidents • Do insurers have data? – Security reputation metrics Benchmark the alternatives on the results from the real security risk assessments 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CYBECO: Supporting Cyberinsurance from a Behavioural Choice Perspective Lorentz

CYBECO: Supporting Cyberinsurance from a Behavioural Choice Perspective Lorentz

CYBECO: Supporting Cyberinsurance from a Behavioural Choice Perspective Lorentz Cyberinsurance Open Day March 27, 2019 Objective Research and develop a framework for managing cybersecurity risks, focused on cyberinsurance as key risk

820 views • 43 slides
Supporting Behavioural Change in Parents Using Motivational Interviewing 1 Case Example Kit is

Supporting Behavioural Change in Parents Using Motivational Interviewing 1 Case Example Kit is

MODULE 4 Supporting Behavioural Change in Parents Using Motivational Interviewing 1 Case Example Kit is a 35-year old woman in a stable relationship with a young child aged 18 months. She is also pregnant in her second trimester right now.

389 views • 26 slides
OUR PROPOSITION evidence-based Supporting: behavioural science to help you cultivate

OUR PROPOSITION evidence-based Supporting: behavioural science to help you cultivate

OUR PROPOSITION evidence-based Supporting: behavioural science to help you cultivate You skills to allow you to Other people be the person youd Organisations like to be more often Leaders 2 2 WHY? Our

410 views • 15 slides
GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq.,

GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq.,

THOMSON REUTERS GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq., and Reymond E. Yammine, Esq., K&L Gates AUGUST 3, 2018 The European Unions General Data Protection Regulation, Violations

320 views • 4 slides
Supporting Aged Care Nursing Staff to Manage Behavioural and Psychological Symptoms of Dementia:

Supporting Aged Care Nursing Staff to Manage Behavioural and Psychological Symptoms of Dementia:

Faculty of Health Supporting Aged Care Nursing Staff to Manage Behavioural and Psychological Symptoms of Dementia: iSeeBehaviour. Dr Lisa Clinnick ACU/Ballarat Health Services Professor Britt Klein - FedUni Associate Professor Andrew

221 views • 20 slides
Behavioural Supports Ontario Supporting Older Adults with Responsive Behaviours Dana Vladescu-

Behavioural Supports Ontario Supporting Older Adults with Responsive Behaviours Dana Vladescu-

Behavioural Supports Ontario Supporting Older Adults with Responsive Behaviours Dana Vladescu- HNHB BSO Community Outreach Team Manager Terri Glover- HNHB BSO LTC Mobile Team Manager Kathy Peters- HNHB BSO Coordinator January 28, 2015 Agenda

400 views • 36 slides
Advance Designation: Supporting Autonomy and Personal Choice in Representative Payment Kathryn

Advance Designation: Supporting Autonomy and Personal Choice in Representative Payment Kathryn

Advance Designation: Supporting Autonomy and Personal Choice in Representative Payment Kathryn Olson Democratic Staff Director, Subcommittee on Social Security House Committee on Ways and Means SSA National Disability Forum, October 30, 2018

109 views • 8 slides
What is really behavioural in behavioural health policy? Matteo M Galizzi

What is really behavioural in behavioural health policy? Matteo M Galizzi

What is really behavioural in behavioural health policy? Matteo M Galizzi m.m.galizzi@lse.ac.uk LSE Behavioural Research Lab LSE Health and Social Care Department of Social Policy Centre for the Study of Incentives in Health Paris School

1.45k views • 116 slides
ENHANCING BEHAVIOURAL INSIGHTS TO CREATE SUSTAINBLE BEHAVIOURAL CHANGE AT WORK Date: 16 TH APRIL

ENHANCING BEHAVIOURAL INSIGHTS TO CREATE SUSTAINBLE BEHAVIOURAL CHANGE AT WORK Date: 16 TH APRIL

ENHANCING BEHAVIOURAL INSIGHTS TO CREATE SUSTAINBLE BEHAVIOURAL CHANGE AT WORK Date: 16 TH APRIL 2020 Presenter: ISAAC PETER CEO & Principal Consultant ENHANCING BEHAVIOURAL INSIGHTS TO CREATE SUSTAINBLE BEHAVIOURAL CHANGE AT WORK

449 views • 32 slides
PPI PENSIONS POLICY INSTITUTE Freedom and Choice in Pensions PPI Supporting Members Event

PPI PENSIONS POLICY INSTITUTE Freedom and Choice in Pensions PPI Supporting Members Event

PPI PENSIONS POLICY INSTITUTE Freedom and Choice in Pensions PPI Supporting Members Event Monday 12 May 2014 Event kindly hosted by: PPI PENSIONS POLICY INSTITUTE Welcome from the Chair Chris Curry, Director of the PPI Tweet:

772 views • 20 slides
How Freedom of Choice Influences Well-being #LSEChoices Professor Simona Botti Professor of

How Freedom of Choice Influences Well-being #LSEChoices Professor Simona Botti Professor of

How Freedom of Choice Influences Well-being #LSEChoices Professor Simona Botti Professor of Marketing at the London Business School Chair: Dr Barbara Fasolo Associate Professor of Behavioural Science at LSE's Department of Management Hosted by

375 views • 26 slides
AFR RETAIL SUMMIT AFR RETAIL SUMMIT PARALLELS GFC TO NOW BROADER BEHAVIOURAL SHIFTS LONG TERM

AFR RETAIL SUMMIT AFR RETAIL SUMMIT PARALLELS GFC TO NOW BROADER BEHAVIOURAL SHIFTS LONG TERM

AFR RETAIL SUMMIT AFR RETAIL SUMMIT PARALLELS GFC TO NOW BROADER BEHAVIOURAL SHIFTS LONG TERM STEP CHANGE FOR RETAIL SPEND MILLENNIALS AND GEN Z RETAIL AND RETAIL AND CUSTOMER INSIGHTS SUPPORTING MERCHANTS Afterpay Day sale: biggest on

612 views • 24 slides
Applying Behavioural Insights to Public Policy Simon Ruda Outline 1. What are behavioural

Applying Behavioural Insights to Public Policy Simon Ruda Outline 1. What are behavioural

Applying Behavioural Insights to Public Policy Simon Ruda Outline 1. What are behavioural insights? 2. Who are the Behavioural Insights Team? 3. How can we apply behavioural insights to public policy? What are Behavioural Insights?

626 views • 51 slides
Lexico-grammatical Features of the Behavioural Process 1 L U C Y C H R I S P I N C A R D I F F

Lexico-grammatical Features of the Behavioural Process 1 L U C Y C H R I S P I N C A R D I F F

An Investigation into the Lexico-grammatical Features of the Behavioural Process 1 L U C Y C H R I S P I N C A R D I F F U N I V E R S I T Y Outline 2 Overview of Systemic Functional Linguistics (Halliday 1994) and the Behavioural

618 views • 29 slides
Supporting a Range of Math Learners Menus and Choice Boards Summer 2020 | Tanaga Rodgers

Supporting a Range of Math Learners Menus and Choice Boards Summer 2020 | Tanaga Rodgers

Supporting a Range of Math Learners Menus and Choice Boards Summer 2020 | Tanaga Rodgers Viewing Mode selecting viewing mode upon arrival Choose Floating Panel View mode for optimal viewing 2 Meeting Center Tools HMH (Host) Audio to

945 views • 39 slides
CHOICE and CHANGE Towards a Design Framework of Digital Interactive Narrative for Behaviour

CHOICE and CHANGE Towards a Design Framework of Digital Interactive Narrative for Behaviour

PhD CONFIRMATION PRESENTATION CHOICE and CHANGE Towards a Design Framework of Digital Interactive Narrative for Behaviour Change Place your image here choose mask image - select circle shape JANE COCKS Bachelor of Behavioural Science

499 views • 15 slides
Physically Restricted Authentication and Encryption for Cyber-physical Systems Michael

Physically Restricted Authentication and Encryption for Cyber-physical Systems Michael

11/12/09 Physically Restricted Authentication and Encryption for Cyber-physical Systems Michael Kirkpatrick, Elisa Bertino Purdue University Frederick Sheldon Oak Ridge National Laboratory DHS: S&T Workshop on Future Directions in

438 views • 4 slides
Cyber Defense: three fundamental steps Giorgio Mosca Strategy and Technology Director It

Cyber Defense: three fundamental steps Giorgio Mosca Strategy and Technology Director It

Cyber Defense: three fundamental steps Giorgio Mosca Strategy and Technology Director It would seem that Caesar's recurrent and deep-rooted fault was his concentration in pursuing the objective immediately in front of his eyes to the

847 views • 16 slides
Hi Tech Hi Touch Hebrews 10:24-25 Consecrate: Hi Tech Hi Touch Hi Tech Hi Touch

Hi Tech Hi Touch Hebrews 10:24-25 Consecrate: Hi Tech Hi Touch Hi Tech Hi Touch

3/20/2018 Hi Tech Hi Touch Hebrews 10:24-25 Consecrate: Hi Tech Hi Touch Hi Tech Hi Touch Smart Phones to Make or declare Toys Tools A Terror? Tablets something sacred, Laptop Computers that is to purposefully

414 views • 7 slides
NCSL CYBERSECURITY TASK FORCE Federal and State Updates APRIL 28, 2020 COVID-19 WEB PAGE

NCSL CYBERSECURITY TASK FORCE Federal and State Updates APRIL 28, 2020 COVID-19 WEB PAGE

NCSL CYBERSECURITY TASK FORCE Federal and State Updates APRIL 28, 2020 COVID-19 WEB PAGE Information on state policies and responses related to continuity of government, education, fiscal, elections, criminal justice and more. Go to

319 views • 11 slides
Cyber risk and insurance Dr. Katsiaryna (Kate) Labunets Safety and Security Sciences group TPM,

Cyber risk and insurance Dr. Katsiaryna (Kate) Labunets Safety and Security Sciences group TPM,

Cyber risk and insurance Dr. Katsiaryna (Kate) Labunets Safety and Security Sciences group TPM, TU Delft E: k.labunets@tudelft.nl 1 Outline Who am I? Definitions Motivation Cyber insurance market: Current practice

828 views • 46 slides
The Cybersecurity Pipeline Or: How I Learned to Start Worrying and Love a Chicken and Egg Problem

The Cybersecurity Pipeline Or: How I Learned to Start Worrying and Love a Chicken and Egg Problem

The Cybersecurity Pipeline Or: How I Learned to Start Worrying and Love a Chicken and Egg Problem Emily E. Reid How I Got Interested in this Problem All images: Wikimedia Commons 2017 By the Numbers: Computer Science Pipeline CRA Table &

453 views • 12 slides
Slides (for Schools Use) to Brief Parents on Cyber Wellness Outline of Presentation To share on:

Slides (for Schools Use) to Brief Parents on Cyber Wellness Outline of Presentation To share on:

Slides (for Schools Use) to Brief Parents on Cyber Wellness Outline of Presentation To share on: Trends on Online Usage and Habits Online Risks and Opportunities for Students MOEs Cyber Wellness Education Parents as Partners

1.31k views • 26 slides
NDTA Fall ll Conference (Oct 5-7, 2020) USTRANSCOM and In Industry Cy Cyber Panel el dis iscu

NDTA Fall ll Conference (Oct 5-7, 2020) USTRANSCOM and In Industry Cy Cyber Panel el dis iscu

NDTA Fall ll Conference (Oct 5-7, 2020) USTRANSCOM and In Industry Cy Cyber Panel el dis iscu cussion with ith gr ground veh ehicl icle flee fleet provid iders https://www.ndtahq.com/events /fall-meeting/agenda/ Vehicle fleet Cyber

603 views • 26 slides

More recommend