Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyWEIS 2009 Presentation.

Slides:



Advertisements
Similar presentations
Optimal Contracts under Adverse Selection
Advertisements

1 Cyber Insurance and IT Security Investment: Impact of Interdependent Risk Hulisi Ogut, UT-Dallas Srinivasan Raghunathan, UT-Dallas Nirup Menon, UT-Dallas.
Economic Incentives to Increase Security in the Internet: the Case for Insurance Marc Lelarge (INRIA-ENS) Jean Bolot (SPRINT) IEEE INFOCOM, Rio 2009.
Hal Varian Intermediate Microeconomics Chapter Thirty-Six
Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.
EC 100 Week 2 LT.
ECON 100 Tutorial: Week 9 office: LUMS C85.
Bank Competition and Financial Stability: A General Equilibrium Expositi on Gianni De Nicolò International Monetary Fund and CESifo Marcella Lucchetta.
The Optimal Allocation of Risk James Mirrlees Chinese University of Hong Kong At Academia Sinica, Taipei 8 October 2010.
Chapter Thirty-Three Law and Economics. Effects of Laws u Property right assignments affect –asset, income and wealth distributions; v e.g. nationalized.
© 2009 Pearson Education Canada 20/1 Chapter 20 Asymmetric Information and Market Behaviour.
Slide 1  2002 South-Western Publishing An assumption of pure competition was complete knowledge of all market information. But knowledge can be unevenly.
Network Security An Economics Perspective IS250 Spring 2010 John Chuang.
Adverse Selection Asymmetric information is feature of many markets
Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyTRUST 2009 Presentation.
Vertical FDI, outsourcing and contracts Lessons 5 and 6 Giorgio Barba Navaretti Gargnano, June,
Bert Willems Cournot Competition, Financial Option Markets and Efficiency.
Lecture Presentation Software to accompany Investment Analysis and Portfolio Management Seventh Edition by Frank K. Reilly & Keith C. Brown Chapter.
Yale lectures 5 and 6 Nash Equilibrium – no individual can do strictly better by deviating – self enforcing in agreements Investment game – all invest.
L25 Asymmetric Information. Structure of the course 1) Consumers choice 2) Equilibrium, Producers (Pareto efficiency) 3) Market Failures - fixed cost:
The economics of information Information is valuable, since the right buyer is more likely to find the right seller Middleman is often knowledgeable about.
Chapter 9 THE ECONOMICS OF INFORMATION Copyright ©2002 by South-Western, a division of Thomson Learning. All rights reserved. MICROECONOMIC THEORY BASIC.
Monopolistic Competiton. Assumptions Many sellers and many buyers Slightly different products Easy entry and exit (low barriers)
Job Market Signaling (Spence model)
ANNOUNCEMENTS Review class: Monday, December 13 4:15-5:15, LC6 Final Exam: Friday, December 17 10:30-12:30, LC1 80 multiple choice choice questions Chapts.
Renegotiation Design with Unverifiable Info Dylan B. Minor.
Chapter 6 An Introduction to Portfolio Management.
Economics of Malware: Epidemic Risk Model, Network Externalities and Incentives. Marc Lelarge (INRIA-ENS) WEIS, University College London, June 2009.
General Equilibrium Analysis A Technological Advance: The Electronic Calculator Market Adjustment to Changes in Demand Formal Proof of a General Competitive.
Environmental Economics1 ECON 4910 Spring 2007 Environmental Economics Lecture 2 Chapter 6 Lecturer: Finn R. Førsund.
 How have you faced competition?  How would you define competition in economic terms?  What does perfect competition mean to you? DO NOW.
Introduction to Game Theory
Efficiency Loss in a Network Resource Allocation Game Paper by: Ramesh Johari, John N. Tsitsiklis [ Informs] Presented by: Gayatree Ganu.
Chapter 37 Asymmetric Information. Information in Competitive Markets In purely competitive markets all agents are fully informed about traded commodities.
Asymmetric Information
Lecture Presentation Software to accompany Investment Analysis and Portfolio Management Seventh Edition by Frank K. Reilly & Keith C. Brown Chapter 7.
Some Background Assumptions Markowitz Portfolio Theory
L25 Asymmetric Information. Road map 1) Consumers choice 2) Equilibrium, Producers (Pareto efficiency) 3) Market Failures - fixed cost: monopoly and oligopoly.
Asymmetric Information
Chapter 7: Market Structures Section 1. Slide 2 Copyright © Pearson Education, Inc.Chapter 7, Section 1 Objectives 1.Describe the four conditions that.
Lecture 3 Secondary Equity Markets - I. Trading motives Is it a zero-sum game? Building portfolio for a long run. Trading on information. Short-term speculation.
The I.O Approach. THE I.O. APPROACH Issues: Understanding the structure of competition among financial intermediaries Understanding the implications of.
Discussion of “De-Regulating Markets for Financial Information” by Pablo Kurlat and Laura Veldkamp ASSA Meetings, Chicago IL January 2012 Jonathan A. Parker.
Consumer Choice With Uncertainty Part II: Examples Agenda: 1.The Used Car Game 2.Insurance & The Death Spiral 3.The Market for Information 4.The Price.
Lecture 4 Strategic Interaction Game Theory Pricing in Imperfectly Competitive markets.
© 2010 W. W. Norton & Company, Inc. 37 Asymmetric Information.
Asymmetric Information
MIS An Economic Analysis of Software Market with Risk-Sharing Contract Byung Cho Kim Pei-Yu Chen Tridas Mukhopadhyay Tepper School of Business Carnegie.
Chapter 14 Equilibrium and Efficiency. What Makes a Market Competitive? Buyers and sellers have absolutely no effect on price Three characteristics: Absence.
Parallel Trade and the Pricing of Pharmaceutical Products Frank Müller-Langer Conference on „Health Economics and the Pharmaceutical Industry“
David Kilgour Lecture 4 1 Lecture 4 CAPM & Options Contemporary Issues in Corporate Finance.
Fundamental Characteristics of Financial Industry and Natural Evolution(I) Dr. J. D. Han.
Econ 2610: Principles of Microeconomics Yogesh Uppal
L27 Review. Exam u On 12 th of May, 17:05 19:05 p.m. room: B10, 19 Ingraham Hall u Cumulative (I know it is a lot of work!) u 2 hours (120 min)
Chapter Thirty-Six Asymmetric Information. Information in Competitive Markets u In purely competitive markets all agents are fully informed about traded.
Consumer Choice With Uncertainty Part II: Examples
Pär Holmberg, Research Institute of Industrial Economics (IFN)
Consumer Choice With Uncertainty Part II: Examples
Eco 3311 Lecture 12 One Period Closed Economy Model - Equilibrium
Asymmetric Information
Performance Pay and Offshoring
Asymmetric Information
Lecture 8 Asymmetric Information: Adverse Selection
For modeling conflict and cooperation Schwartz/Teneketzis
Markets with Asymmetric Information
THE FIRM AND ITS CUSTOMERS: PART 2
Tutorial 4: Asymmetric Information
Chapter Thirty-Three Law and Economics.
Asymmetric Information
Presentation transcript:

Competitive Cyber-Insurance and Network Security Nikhil Shetty Galina Schwartz Mark Felegyhazi Jean Walrand EECS, UC-BerkeleyWEIS 2009 Presentation

Plan of talk Model [no-insurance] Model + insurance, if user security –I. non-contractible –II. contractible Main results –In many cases, missing cyber-insurance market (if I.) –In general, network security worsens with cyber-insurers Discussion EECS, UC Berkeley Slide 2 of 25

Model [no-insurance] Players: Identical users –W - Wealth –D - Damage (if successful attack) –If successful attack, wealth is W- D –p – probability of successful attack –Risk-averse users EECS, UC Berkeley Slide 3 of 25

Probability of successful attack [interdependent security] Probability p depends on – user security (“private good”) AND –network security (“public good”) [externality] Interdependent security = externality: –Individual users: no effect on network security, but –User’s security choice affects network security EECS, UC BerkeleySlide 4 of 25

Network Security Popular - Varian (2002) (weakest link, best shot, total effort) Our assumptions about network security: –Idea: network security is a function of average user security –This paper: network security = average user security EECS, UC Berkeley Slide 5 of 25

User Utility User’s trade-off : Security vs convenience (usability) EECS, UC Berkeley Slide 6 of 25

Optimized User Utility A companion paper - similar results for general functions (f & h). This paper: After users optimize applications: EECS, UC Berkeley Slide 7 of 25

Nash Equil. vs Social Optimum [No-Insurance ] User Utility Nash equilibrium vs Social Optimum If D/W is small, security is zero (or close to 0) EECS, UC Berkeley Slide 8 of 25

Security: Nash vs Social Optimum EECS, UC Berkeley Slide 9 of 25

Model of competitive cyber-insurers We follow Rothschild & Stiglitz (1976) Each insurer offers a single contract. Nash equilibrium is a set of admissible contracts –i) each insurer’s profit is non-negative For a given set of offered contracts –ii) no entrant-insurer can enter and make a strictly positive profit –iii) no incumbent-insurer can increase his profit by altering his contract EECS, UC Berkeley Slide 10 of 25

Competitive cyber-insurers Insurers are risk neutral & each maximizes his profit Perfectly competitive insurers  zero profits We consider 2 cases. If user security is: –I. Non-contractible –II. Contractible – EECS, UC Berkeley Slide 11 of 25

Competitive cyber-insurers (cont.) Insurers: –free entry –zero operating costs –take network security as given Cases: if user security is I. Non-contractible – Contract prohibits purchasing extra coverage II. Contractible EECS, UC Berkeley Slide 12 of 25

Equilibrium with cyber-insurers From insurer competition: User chooses from which insurer to buy a contract  In equilibrium, all contracts give a user identical utility Only contracts maximizing user utility attract users  In equilibrium, all contracts maximize user utility User participation constraint must hold EECS, UC Berkeley Slide 13 of 25

I. non-contractible v ; extra coverage is prohibited If D < 8/9 W - Missing cyber-insurance market [no equilibrium with positive insurance coverage exists] If D > 8/9 W - equilibrium contract may exist but loss covered is small  market is small EECS, UC Berkeley Slide 14 of 25

Equilibrium security [I. non-contractible v ] When equilibrium with positive coverage exists, security worsens relative to no-insurance Nash Why security is worse? user’s incentives to invest in security worsen (risk is covered!) With insurance [& non-contractible v] –utility is higher than with no-insurance –but aggregate damage is higher too EECS, UC Berkeley Slide 15 of 25

II. contractible v EECS, UC Berkeley Slide 16 of 25

Equilibrium [II. contractible v ] In equilibrium, no user deviates to no insurance –If not, some insurer will offer contract with a deviating security level (with insurance, user utility is higher) Entire damage D is covered –If not, some insurer will offer a contract with a higher coverage  EECS, UC Berkeley Slide 17 of 25

Equilibrium security with insurance [II. contractible v ] Equilibrium contract –is unique –it covers the entire damage D We have: If D/W is very low: If D/W is high: EECS, UC Berkeley Slide 18 of 25

Security Levels [II. Contractible] EECS, UC Berkeley Slide 19 of 25

Conclusion Asymmetric information causes missing markets – A well know result of missing markets from the classical papers: Akerlof (1970) ; Rothschild and Stiglitz (1976) –Cyber-insurance is a convincing case of market failure 1. non-contractible user security (a lot of asymmetric info) –For most parameters, cyber insurance market is missing II. contractible user security (only some asymmetric info) –For most parameters, security worsens relative to no-insurance case EECS, UC Berkeley Slide 20 of 25

Missing cyber-insurance market & information asymmetries – a link Asymmetric information (present in our model): –I. non-contractible case: Insurers: no info about user security Insurers: no info about each other –II. Contractible case: Insurers: no info about each other Other info asymmetries could matter: –damage size and attack probability (for both, users & insurers) EECS, UC Berkeley Slide 21 of 25

Conclusion (c0nt.) Even if cyber insurance would exist, improved network security is unlikely –With cyber-insurers, user utility improves, but in general, network security worsens; sec. increases only if D/W is very low Insurers fail to improve security. Why? –Insurers free-ride on other insurers, which lowers security –Insurance is a tool for risk redistribution, not risk reduction EECS, UC Berkeley Slide 22 of 25

Extensions EECS, UC BerkeleySlide 23 of 25 Our setting: identical users –If user types differ: results should hold for each subtype Our setting: specific functions for user utility & security costs –A companion paper shows that most results holds for general functions

Cyber-insurers as car dealers: trading lemons? What do cyber-insurers sell? –Indulgences?? Are cyber insurers selling us the peace of mind? Connecting with the next talk: Developing security ratings: how to get from I. (non- contractible v) to II. (contractible v)? EECS, UC Berkeley Slide 24 of 25

How to? Problems to resolve (for cyber-insurance to take off) –Reduce information asymmetries (tools: disclosure laws, requirements on standard (defaults) settings on security software … ) –Reduce network externalities (tools: imposition of limited user liability, i.e., mandating user security level) But – this is very difficult (technologically and politically) EECS, UC Berkeley Slide 25 of 25

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.