When to Treat Security Risks with Cyber Insurance
Chapter
Accepted version
Permanent link
http://hdl.handle.net/11250/2595461
Publication date
2018
Original version
10.1109/CyberSA.2018.8551456
Abstract
Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.