Risk mitigation services in cyber insurance: optimal contract design and price structure

Gabriela Zeller, Matthias Scherer

Research output: Contribution to journal › Article › peer-review

Abstract

As the cyber insurance market is expanding and cyber insurance policies continue to mature, the potential of including pre-incident and post-incident services into cyber policies is being recognised by insurers and insurance buyers. This work addresses the question of how such services should be priced from the insurer’s viewpoint, i.e. under which conditions it is rational for a profit-maximising, risk-neutral or risk-averse insurer to share the costs of providing risk mitigation services. The interaction between insurance buyer and seller is modelled as a Stackelberg game, where both parties use distortion risk measures to model their individual risk aversion. After linking the notions of pre-incident and post-incident services to the concepts of self-protection and self-insurance, we show that when pricing a single contract, the insurer would always shift the full cost of self-protection services to the insured; however, this does not generally hold for the pricing of self-insurance services or when taking a portfolio viewpoint. We illustrate the latter statement using toy examples of risks with dependence mechanisms representative in the cyber context.

Original language: English
Pages (from-to): 502-547
Number of pages: 46
Journal: Geneva Papers on Risk and Insurance: Issues and Practice
Volume: 48
Issue number: 2
State: Published - Apr 2023

Keywords

  • Coherent risk measures
  • Cyber assistance
  • Cyber insurance
  • Cyber risk
  • Prevention
  • Self-insurance
  • Self-protection
  • Stackelberg game
