Research On Cyber Insurance Strategy With Interdependent Security Risks

Information system risk has generally become a great challenge for individuals and organizations around the world.As information system risk develops rapidly and the interdependence degree grows quickly,the importance and complexity of information system security have attract considerable attention by related companies.A company's possibility of getting attacked and suffering loss depends not only on its own security investment level,but also on the various security investment strategies of other players in the network.Therefore,the negative externality of information security investment often causes an insufficient security investment level.Cyber insurance could improve the information security investment level and therefore lead to better social security level.This paper firstly studies the influence of the public goods characteristics of cyber insurance on companies' information system security investment strategies.A company's information system security investment can be divided into self-protection investment,which has a private good feature,and cyber insurance,which has a public goods feature.Based on related research on public goods works,this paper discusses the self-protection and insurance investment strategies of the policy holders in both the weakest-link and partial-correlation cases.Secondly,in order to further emphasize and discuss the effect of information system security's characteristics,functions and parameter settings of the model are improved in section three and a two-stage game model is re-established to calculate policy holder's optimal information security investment level and insurer's optimal pricing strategy.When the insurer designs its insurance contract,it should take consideration of the peculiar characteristics of information system security risks,especially the interdependent risks and companies' risk aversion etc.Game theory and economic principles are used to calculate the policyholder's optimal security investment strategy,and the result shows that cyber insurance could effectively encourage companies to increase information system security investment and lead to a higher network security level.Finally,numerical analysis is used to verify the results and conclusions of the model,and more detailed discussions are presented according to some related factors in our model.The numerical results effectively confirm the analytical conclusions.