Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.11851/6470
Title: Cyber Security Risk Management: Public Policy Implications of Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self-Protection
Authors: Ögüt, Hulisi
Raghunathan, Şrinivaşan
Menon, Nirup
Keywords: Cyber security
insurance
risk management
Publisher: Wiley
Abstract: The correlated nature of security breach risks, the imperfect ability to prove loss from a breach to an insurer, and the inability of insurers and external agents to observe firms' self-protection efforts have posed significant challenges to cyber security risk management. Our analysis finds that a firm invests less than the social optimal levels in self-protection and in insurance when risks are correlated and the ability to prove loss is imperfect. We find that the appropriate social intervention policy to induce a firm to invest at socially optimal levels depends on whether insurers can verify a firm's self-protection levels. If self-protection of a firm is observable to an insurer so that it can design a contract that is contingent on the self-protection level, then self-protection and insurance behave as complements. In this case, a social planner can induce a firm to choose the socially optimal self-protection and insurance levels by offering a subsidy on self-protection. We also find that providing a subsidy on insurance does not provide a similar inducement to a firm. If self-protection of a firm is not observable to an insurer, then self-protection and insurance behave as substitutes. In this case, a social planner should tax the insurance premium to achieve socially optimal results. The results of our analysis hold regardless of whether the insurance market is perfectly competitive or not, implying that solely reforming the currently imperfect insurance market is insufficient to achieve the efficient outcome in cyber security risk management.
URI: https://doi.org/10.1111/j.1539-6924.2010.01478.x
https://hdl.handle.net/20.500.11851/6470
ISSN: 0272-4332
1539-6924
Appears in Collections:İşletme Bölümü / Department of Management
PubMed İndeksli Yayınlar Koleksiyonu / PubMed Indexed Publications Collection
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection

Show full item record



CORE Recommender

SCOPUSTM   
Citations

41
checked on Mar 23, 2024

WEB OF SCIENCETM
Citations

43
checked on Mar 9, 2024

Page view(s)

34
checked on Mar 25, 2024

Google ScholarTM

Check




Altmetric


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.