Abstract
Recent work in security has illustrated that solutions aimed at detection and elimination of security threats alone are unlikely to result in a robust cyberspace. As an orthogonal approach to mitigating security problems, some researchers have pursued the use of cyber-insurance as a suitable risk management technique. In this regard, a recent work by the authors in [1] have proposed efficient monopoly cyberinsurance markets that maximize social welfare of users in a communication network via premium discriminating them. However, the work has a major drawback in the insurer not being able to make strictly positive profit in expectation, which in turn might lead to unsuccessful insurance markets. In this paper, we provide a method (based on the model in [1]) to overcome this drawback for the risk-averse premium discriminating monopoly cyber-insurer, and prove it in theory. More specifically, we propose a non-regulatory mechanism to allow monopoly cyber-insurers to make strictly positive profit in expectation. To investigate the general effectiveness of our mechanism beyond a monopoly setting with full coverage, we conduct numerical experiments (comparing social welfare at market equilibrium) on (a) practical Internet-scale network topologies that are formed by users who are free to decide for themselves whether they want to purchase insurance or not, (b) settings of perfect and imperfect market competition, and (c) scenarios with partial insurance coverage.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
