Competitive Cyber-Insurance and Network Security. Nikhil Shetty, Galina Schwartz, Mark Felegyhazi, Jean Walrand. EECS, UC Berkeley. TRUST 2009 Presentation.

Presentation transcript:

Cyber-insurers as car dealers: trading lemons?
Have you heard of Akerlof (1970) “Market for Lemons”?
Financial Services Industry = manage financial risks (reallocate, redistribute, reduce)
Irony: Financial institutions are subject to network insecurity risks, and cry for help in managing these risks (via technology)
EECS, UC Berkeley Slide 2 of 25

Plan of talk:
Insecurity as Risk
Model [no-insurance]
Model + insurance, if user security
  – I. non-contractible
  – II. contractible
Main results
  – In many cases, missing cyber-insurance market (if I.)
  – In general, network security worsens with cyber-insurers
Discussion

Model [no-insurance]
Players: Identical users
  – W - Wealth
  – D - Damage (if successful attack)
  – If successful attack, wealth is W - D
  – p - probability of successful attack
  – Risk-averse users

Probability of successful attack [interdependent security]
Probability p depends on
  – user security (“private good”) AND
  – network security (“public good”) [externality]
Interdependent security = externality:
  – Individual users: no effect on network security, BUT
  – Users’ security choices affect network security

Network Security
Popular security models – based on Varian (2002) (weakest link, best shot, total effort)
Our assumptions about network security:
  – Idea: network security is a function of average user security
  – This paper: network security = average user security

User Utility
User’s trade-off: Security vs convenience (usability)

Optimized User Utility
A companion paper - similar results for general functions (f & h).
This paper: After users optimize applications:

Nash Equil. vs Social Optimum [No-Insurance]
User Utility
Nash equilibrium vs Social Optimum
If D/W is small, security is zero (or close to 0)

Security: Nash vs Social Optimum

Competitive cyber-insurers (cont.)
Insurers:
  – free entry
  – zero operating costs
  – take network security as given
Cases: if user security is
  I. Non-contractible – Contract prohibits purchasing extra coverage
  II. Contractible

Model of competitive cyber-insurers
We follow Rothschild & Stiglitz (1976)
Each insurer offers a single contract.
Nash equilibrium is a set of admissible contracts
  – i) each insurer’s profit is non-negative
For a given set of offered contracts
  – ii) no entrant-insurer can enter and make a strictly positive profit
  – iii) no incumbent-insurer can increase his profit by altering his contract

Competitive cyber-insurers
Insurers are risk neutral & each maximizes his profit
Perfectly competitive insurers ⇒ zero profits
We consider 2 cases. If user security is:
  – I. Non-contractible
  – II. Contractible

Equilibrium with cyber-insurers
From insurer competition:
User chooses from which insurer to buy a contract ⇒ In equilibrium, all contracts give a user identical utility
Only contracts maximizing user utility attract users ⇒ In equilibrium, all contracts maximize user utility
User participation constraint must hold

I. non-contractible v; extra coverage is prohibited
If D < 8/9 W - Missing cyber-insurance market [no equilibrium with positive insurance coverage exists]
If D > 8/9 W - equilibrium contract may exist

Equilibrium security [I. non-contractible v]
When equilibrium with positive coverage exists, security worsens relative to no-insurance Nash
Why is security worse? User’s incentives to invest in security worsen (risk is covered!)
With insurance [& non-contractible v]
  – utility is higher than with no-insurance
  – but aggregate damage is higher too

II. contractible v

Equilibrium [II. contractible v]
In equilibrium, no user deviates to no insurance
  – If not, some insurer will offer contract with a deviating security level (with insurance, user utility is higher)
Entire damage D is covered
  – If not, some insurer will offer a contract with a higher coverage

Equilibrium security with insurance [II. contractible v]
Equilibrium contract
  – is unique
  – it covers the entire damage D
We have:
If D/W is very low:
If D/W is high:

Security Levels [II. Contractible]

Conclusion
Asymmetric information causes missing markets
  – A well-known result of missing markets from the classical papers: Akerlof (1970); Rothschild and Stiglitz (1976)
  – Cyber-insurance is a convincing case of market failure
I. non-contractible user security (a lot of asymmetric info)
  – For most parameters, cyber insurance market is missing
II. contractible user security (only some asymmetric info)
  – For most parameters, security worsens relative to no-insurance case

Missing cyber-insurance market & information asymmetries – a link
Asymmetric information (present in our model):
  – I. non-contractible case:
      Insurers: no info about user security
      Insurers: no info about each other
  – II. Contractible case:
      Insurers: no info about each other
Other info asymmetries could matter:
  – damage size
  – attack probability

Conclusion (cont.)
Even with cyber insurance, improved network security is unlikely
  – With cyber-insurers, user utility improves, but in general, network security worsens; security increases only if D/W is very low
Insurers fail to improve security. Why?
  – Insurers free-ride on other insurers, which lowers security
  – Insurance is a tool for risk redistribution, not risk reduction

Are Cyber-insurers trading lemons?
What are cyber-insurers selling?
  – Indulgences?
Are cyber insurers selling us the peace of mind?

How to?
Problems to resolve (for cyber-insurance to take off). Need to:
  – Reduce information asymmetries (tools: disclosure laws, requirements on standard (defaults) settings on security software …)
  – Reduce network externalities (tools: imposition of limited user liability, i.e., mandating user security level, i.e., user certification)
But – this is hard (technologically and politically)