University of Surrey


Cyber-Insurance as a Signaling Game: Self-Reporting and External Security Audits

Laszka, Aron, Panaousis, Emmanouil and Grossklags, Jens (2018) Cyber-Insurance as a Signaling Game: Self-Reporting and External Security Audits. In: 9th Conference on Decision and Game Theory for Security (GameSec 2018), 29-31 Oct 2018, Seattle, WA, USA.

Cyber-Insurance as a Signaling Game.pdf - Accepted version Manuscript


Abstract

An insurer has to know the risks faced by a potential client to accurately determine an insurance premium offer. However, while the potential client might have a good understanding of its own security practices, it may also have an incentive not to disclose them honestly since the resulting information asymmetry could work in its favor. This information asymmetry engenders adverse selection, which can result in unfair premiums and reduced adoption of cyber-insurance. To overcome information asymmetry, insurers often require potential clients to self-report their risks. Still, clients do not have any incentive to perform thorough self-audits or to provide comprehensive reports. As a result, insurers have to complement self-reporting with external security audits to verify the clients' reports. Since these audits can be very expensive, a key problem faced by insurers is to devise an auditing strategy that deters clients from dishonest reporting using a minimal number of audits. To solve this problem, we model the interactions between a potential client and an insurer as a two-player signaling game. One player represents the client, who knows its actual security-investment level, but may report any level to the insurer. The other player represents the insurer, who knows only the random distribution from which the security level was drawn, but may discover the actual level using an expensive audit. We study the players' equilibrium strategies and provide numerical illustrations.

Item Type: Conference or Workshop Item (Conference Paper)
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
Laszka, Aron
Panaousis, Emmanouil (email: e.panaousis@surrey.ac.uk)
Grossklags, Jens
Date : 2018
Related URLs :
Additional Information : GameSec 2018 proceedings will be published by Springer as part of the LNCS series.
Depositing User : Clive Harris
Date Deposited : 23 Aug 2018 13:37
Last Modified : 29 Oct 2018 02:08
URI: http://epubs.surrey.ac.uk/id/eprint/849078


© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800