A Framework for Incorporating Insurance into Critical Infrastructure Cyber Risk Strategies

Abstract

Critical infrastructure owners and operators want to minimize their cyber risk and expenditures on cybersecurity. The insurance industry has been quantitatively assessing risk for hundreds of years in order to minimize risks and maximize profits. To achieve these goals, insurers continuously gather statistical data to improve their predictions, incentivize their clients' investment in self-protection, and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework that incorporates the operating principles of the insurance industry in order to provide quantitative estimates of cyber risk. The framework implements optimization techniques to suggest levels of investment for both cybersecurity and insurance for critical infrastructure owners and operators. This analysis can be used to quantitatively formulate strategies to minimize cyber risk.

Document Details

Document Type
Technical Report
Publication Date
Mar 24, 2016
Accession Number
AD1053886

Entities

People

  • Derek R Young

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Commerce
  • Computer Security
  • Computers
  • Control Systems
  • Cyber Threats
  • Cyberattacks
  • Cybersecurity
  • Department Of Homeland Security
  • Governments
  • Homeland Security
  • Information Processing
  • Information Science
  • Information Security
  • Information Systems
  • Infrastructure
  • Internet
  • Law
  • Predictive Modeling
  • Probability
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Spreadsheet Software
  • Surveys

Readers

  • Cybersecurity
  • Defense Acquisition Program Management
  • Systems Analysis and Design

Technology Areas

  • Cyber