TY - JOUR
T1 - A framework for incorporating insurance in critical infrastructure cyber risk strategies
AU - Young, Derek
AU - Lopez, Juan
AU - Rice, Mason
AU - Ramsey, Benjamin
AU - McTasney, Robert
N1 - Publisher Copyright:
© 2016
PY - 2016/9/1
Y1 - 2016/9/1
N2 - Smart critical infrastructure owners and operators are always looking for ways to minimize cyber risk while keeping a lid on cyber security expenditures. The insurance industry has been quantitatively assessing risk for hundreds of years to minimize risk and maximize profits. To achieve these goals, insurers continuously gather and analyze statistical data to improve their predictions, incentivize client investments in self-protection and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework that incorporates the operating principles of the insurance industry to provide quantitative estimates of cyber risk. The framework uses optimization techniques to suggest levels of investment in cyber security and insurance for critical infrastructure owners and operators. This analysis can be used to quantitatively formulate strategies to minimize cyber risk.
AB - Smart critical infrastructure owners and operators are always looking for ways to minimize cyber risk while keeping a lid on cyber security expenditures. The insurance industry has been quantitatively assessing risk for hundreds of years to minimize risk and maximize profits. To achieve these goals, insurers continuously gather and analyze statistical data to improve their predictions, incentivize client investments in self-protection and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework that incorporates the operating principles of the insurance industry to provide quantitative estimates of cyber risk. The framework uses optimization techniques to suggest levels of investment in cyber security and insurance for critical infrastructure owners and operators. This analysis can be used to quantitatively formulate strategies to minimize cyber risk.
KW - Critical infrastructure
KW - Cyber security insurance
KW - Quantitative risk analysis
UR - http://www.scopus.com/inward/record.url?scp=84963940222&partnerID=8YFLogxK
U2 - 10.1016/j.ijcip.2016.04.001
DO - 10.1016/j.ijcip.2016.04.001
M3 - Article
AN - SCOPUS:84963940222
SN - 1874-5482
VL - 14
SP - 43
EP - 57
JO - International Journal of Critical Infrastructure Protection
JF - International Journal of Critical Infrastructure Protection
ER -