Optimisation of cyber insurance coverage with selection of cost effective security controls
- URL: http://arxiv.org/abs/2503.02706v1
- Date: Tue, 04 Mar 2025 15:21:13 GMT
- Title: Optimisation of cyber insurance coverage with selection of cost effective security controls
- Authors: Ganbayar Uuganbayar, Artsiom Yautsiukhin, Fabio Martinelli, Fabio Massacci
- Abstract summary: We propose an approach to help a risk-averse organisation to distribute its cyber security investments in a cost-efficient way. What makes our approach unique is that next to defining the amount of investments in cyber insurance and self-protection, our proposal also explicitly defines how these investments should be spent. We provide an exact algorithm for the control selection problem considering several threats at the same time and compare this algorithm with other approximate algorithmic solutions.
- Score: 6.979741527495431
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Nowadays, cyber threats are considered among the most dangerous risks by top management of enterprises. One way to deal with these risks is to insure them, but cyber insurance is still quite expensive. The insurance fee can be reduced if organisations improve their cyber security protection, i.e., reducing the insured risk. In other words, organisations need an investment strategy to decide the optimal amount of investments into cyber insurance and self-protection. In this work, we propose an approach to help a risk-averse organisation to distribute its cyber security investments in a cost-efficient way. What makes our approach unique is that next to defining the amount of investments in cyber insurance and self-protection, our proposal also explicitly defines how these investments should be spent by selecting the most cost-efficient security controls. Moreover, we provide an exact algorithm for the control selection problem considering several threats at the same time and compare this algorithm with other approximate algorithmic solutions.
Related papers
- An Approach to Technical AGI Safety and Security [72.83728459135101]
We develop an approach to address the risk of harms consequential enough to significantly harm humanity.
We focus on technical approaches to misuse and misalignment.
We briefly outline how these ingredients could be combined to produce safety cases for AGI systems.
(2025-04-02T15:59:31Z)
- AI threats to national security can be countered through an incident regime [55.2480439325792]
We propose a legally mandated post-deployment AI incident regime that aims to counter potential national security threats from AI systems.
Our proposed AI incident regime is split into three phases. The first phase revolves around a novel operationalization of what counts as an 'AI incident'.
The second and third phases spell out that AI providers should notify a government agency about incidents, and that the government agency should be involved in amending AI providers' security and safety procedures.
(2025-03-25T17:51:50Z)
- AI Risk Management Should Incorporate Both Safety and Security [185.68738503122114]
We argue that stakeholders in AI risk management should be aware of the nuances, synergies, and interplay between safety and security.
We introduce a unified reference framework to clarify the differences and interplay between AI safety and AI security.
(2024-05-29T21:00:47Z)
- Towards Guaranteed Safe AI: A Framework for Ensuring Robust and Reliable AI Systems [88.80306881112313]
We will introduce and define a family of approaches to AI safety, which we will refer to as guaranteed safe (GS) AI.
The core feature of these approaches is that they aim to produce AI systems which are equipped with high-assurance quantitative safety guarantees.
We outline a number of approaches for creating each of these three core components, describe the main technical challenges, and suggest a number of potential solutions to them.
(2024-05-10T17:38:32Z)
- Mind the Gap: Securely modeling cyber risk based on security deviations from a peer group [2.7910505923792646]
This paper proposes a new framework for cyber posture against peers and estimating cyber risk within specific economic sectors.
We introduce a new top-line variable called the Defense Gap Index representing the weighted security gap between an organization and its peers.
We apply this approach in a specific sector using data collected from 25 large firms.
(2024-02-06T17:22:45Z)
- Fortify Your Defenses: Strategic Budget Allocation to Enhance Power Grid Cybersecurity [1.672787996847537]
Given potential cyber-attack sequences for a cyber-physical component in the power grid, find the optimal manner to allocate an available budget to implement necessary preventive mitigation measures.
We formulate the problem as a mixed integer linear program to identify the optimal budget partition and set of mitigation measures.
We show how altering the budget allocation for tasks such as asset management, cybersecurity infrastructure improvement, incident response planning and employee training affects the choice of the optimal set of preventive mitigation measures.
(2023-12-20T23:01:35Z)
- Cyber Insurance for Cyber Resilience [13.712257570488756]
This chapter presents a review of the quantitative cyber insurance design framework.
It builds on the correlation between state-of-the-art attacker vectors and defense mechanisms.
Using the modern techniques in quantifying the risk preferences of individuals, we link the economic impacts of perception manipulation with moral hazard.
(2023-12-05T17:50:34Z)
- SECAdvisor: a Tool for Cybersecurity Planning using Economic Models [0.587978226098469]
Lack of investments and perverse economic incentives are the root cause of cyberattacks.
This article introduces SECAdvisor, a tool to support cybersecurity planning using economic models.
(2023-04-16T22:31:50Z)
- Cyber Risk Assessment for Capital Management [8.807503512479427]
This paper introduces a two-pillar cyber risk management framework to address the pervasive challenges in managing cyber risk. The first pillar, cyber risk assessment, combines insurance frequency-severity models with cybersecurity cascade models to capture the unique nature of cyber risk. The second pillar, cyber capital management, facilitates informed allocation of capital for a balanced cyber risk management strategy.
(2022-05-17T15:25:23Z)
- A Survey of Risk-Aware Multi-Armed Bandits [84.67376599822569]
We review various risk measures of interest, and comment on their properties.
We consider algorithms for the regret minimization setting, where the exploration-exploitation trade-off manifests.
We conclude by commenting on persisting challenges and fertile areas for future research.
(2022-05-12T02:20:34Z)
- Safe Online Bid Optimization with Return-On-Investment and Budget Constraints subject to Uncertainty [87.81197574939355]
We study the nature of both the optimization and learning problems.
We provide an algorithm, namely GCB, guaranteeing sublinear regret at the cost of a potentially linear number of constraints violations.
More interestingly, we provide an algorithm, namely GCB_safe(psi,phi), guaranteeing both sublinear pseudo-regret and safety w.h.p. at the cost of accepting tolerances psi and phi.
(2022-01-18T17:24:20Z)
This list is automatically generated from the titles and abstracts of the papers on this site.