Investments in security and cyber-insurance are two cyber-risk management strategies that can be employed together to optimize the overall security expense. In this paper, we provide a closed form for the optimal investment under a full set of insurance liability scenarios (full liability, limited liability, and limited liability with deductibles) when we consider a multi-branch firm with correlated vulnerability. The insurance component results to be the major expense. It ends up being the only recommended approach (i.e., setting zero investments in security) when the intrinsic vulnerability is either very low or very high. We also study the robustness of the investment choices when our knowledge of vulnerability and correlation is uncertain, concluding that the uncertainty induced on investment by either uncertain correlation or uncertain vulnerability is not significant

Mazzoccoli, A., Naldi, M. (2021). Optimal investment in cyber-security under cyber insurance for a multi-branch firm. RISKS, 9(1), 1-28 [10.3390/risks9010024].

Optimal investment in cyber-security under cyber insurance for a multi-branch firm

Mazzoccoli A.;Naldi M.
2021

Abstract

Investments in security and cyber-insurance are two cyber-risk management strategies that can be employed together to optimize the overall security expense. In this paper, we provide a closed form for the optimal investment under a full set of insurance liability scenarios (full liability, limited liability, and limited liability with deductibles) when we consider a multi-branch firm with correlated vulnerability. The insurance component results to be the major expense. It ends up being the only recommended approach (i.e., setting zero investments in security) when the intrinsic vulnerability is either very low or very high. We also study the robustness of the investment choices when our knowledge of vulnerability and correlation is uncertain, concluding that the uncertainty induced on investment by either uncertain correlation or uncertain vulnerability is not significant
Mazzoccoli, A., Naldi, M. (2021). Optimal investment in cyber-security under cyber insurance for a multi-branch firm. RISKS, 9(1), 1-28 [10.3390/risks9010024].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11590/417943
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 4
social impact