Embracing Risk

This book provides an introduction to the theory and practice of cyber insurance. Insurance as an economic instrument designed for risk management through risk spreading has existed for centuries. Cyber insurance is one of the newest sub-categories of this old instrument. It emerged in the 1990s in response to an increasing impact that information security started to have on business operations. For much of its existence, the practice of cyber insurance has been on how to obtain accurate actuarial information to inform specifics of a cyber insurance contract. As the cybersecurity threat landscape continues to bring about novel forms of attacks and losses, ransomware insurance being the latest example, the insurance practice is also evolving in terms of what types of losses are covered, what are excluded, and how cyber insurance intersects with traditional casualty and property insurance. The central focus, however, has continued to be risk management through risk transfer, the key functionality of insurance. The goal of this book is to shift the focus from this conventional view of using insurance as primarily a risk management mechanism to one of risk control and reduction by looking for ways to re-align the incentives. On this front we have encouraging results that suggest the validity of using insurance as an effective economic and incentive tool to control cyber risk. This book is intended for someone interested in obtaining a quantitative understanding of cyber insurance and how innovation is possible around this centuries-old financial instrument.

Auteur

Mingyan Liu is the Peter and Evelyn Fuss Chair of Electrical and Computer Engineering at the University of Michigan. She received her B.Sc. in electrical engineering in 1995 from Nanjing University of Aeronautics and Astronautics, Nanjing, China, M.Sc. in systems engineering, and Ph.D. in electrical engineering from the University of Maryland, College Park, in 1997 and 2000, respectively. She joined the Department of Electrical Engineering and Computer Science at the University of Michigan, Ann Arbor, in September 2000, where she is currently a Professor. Her research interests are in optimal resource allocation, sequential decision theory, incentive design, and performance modeling and analysis, all within the context of large-scale networked systems. Her most recent research activities involve cyber risk quantification and designing cybersecurity incentive mechanisms using large-scale Internet measurement data and machine learning techniques. She is the recipient of the 2002 NSF CAREER Award, the University of Michigan Elizabeth C. Crosby Research Award in 2003 and 2014, the 2010 EECS Department Outstanding Achievement Award, the 2015 College of Engineering Excellence in Education Award, the 2017 College of Engineering Excellence in Service Award, and the 2018 Distinguished University Innovator Award. She is a Fellow of the IEEE and a member of the ACM.

Contenu
Preface.- Acknowledgments.- Introduction: What is Insurance and What is Cyber Insurance?.- A Basic Cyber Insurance Contract Model.- Insuring Clients with Dependent Risks.- A Practical Underwriting Process.- How to Pre-Screen: Risk Assessment Using Data Analytics.- Open Problems and Closing Thoughts.- Bibliography.- Author's Biography.