CYBECO - Supporting Cyberinsurance from a Behavioural Choice Perspective

Date: 
05/01/2017 to 30/04/2019

Introduction

Cyberinsurance can fulfill a key role in improving cybersecurity within companies by providing incentives for them to improve their security, requiring certain minimum protection standards. Unfortunately, so far cyberinsurance has not been widely adopted. CYBECO focuses on two aspects to fill this gap:

  • Including cyberthreat behaviour through adversarial risk analysis to support insurance companies in estimating risks and setting premiums as well as
  • using behavioural experiments to improve IT owners’ cybersecurity decisions. We thus facilitate risk-based cybersecurity investments and progress beyond information security economic models, supporting insurers in their cyber offerings through a risk management modelling framework and tool.

Who is the project designed for?

CYBECO includes a detailed analysis of the cyberinsurance (and cybersecurity) ecosystem as well an exploitation plan.
We identify the following markets:

  • Supply side:
    • Insurance companies aimed at providing improved cyberinsurance products.
    • Associated with them, insurance brokers and reinsurers.
    • Cyber security and consulting companies that could include well-calibrated cyber insurance products within their portfolios.
  • Demand side:
    • Owners of IT installations whose organizations critically depend on it, including SMEs, large companies, public administrations and, in the not so distant future, individuals insuring their home installations.

In short, we aim at making society more cybersecure.

Last, but not least, researchers in various areas (technology management, IT security, insurance, risk analysis, behavioural economics, cyber-psychology) would also benefit from our advances.

How is your project benefitting the end-user?

On the supply side, end-users benefit from better founded and designed cyberinsurance products and cyber risk management frameworks. On the demand side, end-users benefit from a well-founded tool that allows them to determine their optimal cyber security investments, including the appropriate cyber insurance product.

Globally, society as whole benefits since the project helps create a more secure environment.

In a nutshell, by properly modelling and combining decision-making behaviour surrounding cyber threats (risk generation), the decision-making behaviour of insurance companies (risk assessment) and the decision-making behaviour of IT owners (which includes cyber insurance), we aim to help mitigate cyber risks at the global level.

Please briefly describe the results your project achieved so far

  1. A model that facilitates the best portfolio of cybersecurity investments, including cyberinsurance, together with a case study that serves as template for complex studies.
  2. Other risk management models for cyber insurance decisions (cyber reinsurance and granting an insurance product).
  3. Several case studies to evaluate the methodology.
  4. A skeleton of a tool to facilitate implementing the above models.
  5. A study of the cyber insurance ecosystem to identify policy gaps and how our framework may be better applied within such ecosystem.
  6. The design of experiments to assess our model.

What are the next steps for your project?

  1. Perform the experiments.
  2. Complete the tool.
  3. Complete the case studies with our methodology.
  4. Refine the methodology based on experiments, case studies and tool experiences.
  5. Complete the cyberinsurance ecosystem and policy analysis to feed an exploitation plan.
Week: 
Thursday, 1 November, 2018

Project type:

News

Cyberwatching.eu Project of the Week: CyberSec4Europe

The CyberSec4Europe project, one of the four pilot projects aimed at establishing a European Cybersecurity Competence Network has just been launched on February 28 in Brussels.

During its 42 months of duration, the project will align and interconnect a vast pool of research excellence in existing centres and research facilities, bringing together cybersecurity expertise in an interdisciplinary manner while developing a governance model for the future European Cybersecurity Competence Network.

Future Events

Cyber Insurance and its Contribution to Cyber Risk Mitigation - Leiden March 25-29
25/03/2019 to 29/03/2019
Image:

The rise in both the scale and severity of recent cyberattacks demands new thinking about cybersecurity risk and the mitigation and transfer of that risk. Cyber insurance is one potential way to manage risk by transferring damage liability, but the cyber insurance market is immature and the understanding and actuarial knowledge of cyber-risk is currently underdeveloped.

e-SIDES workshop 2019
02/04/2019
Image:

e-SIDES workshop: Towards Value-Centric Big Data: Connect People, Processes and Technology

BRUSSELS

2 April 2019

10am to 4pm

 

e-SIDES is a research project funded by European Commission H2020 Programme that deals with the ethical, legal, social and economic implications of privacy-preserving technologies in different big data context.