
Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm

Author

Listed:
  • Alessandro Mazzoccoli

    (Department of Civil Engineering and Computer Science, University of Rome Tor Vergata, Via del Politecnico 1, 00133 Rome, Italy
    These authors contributed equally to this work.)

  • Maurizio Naldi

    (Department of Law, Economics, Politics and Modern languages, LUMSA University, Via Marcantonio Colonna 19, 00192 Rome, Italy
    These authors contributed equally to this work.)

Abstract

Investments in security and cyber-insurance are two cyber-risk management strategies that can be employed together to optimize the overall security expense. In this paper, we provide a closed form for the optimal investment under a full set of insurance liability scenarios (full liability, limited liability, and limited liability with deductibles) when we consider a multi-branch firm with correlated vulnerability. The insurance component turns out to be the major expense. It ends up being the only recommended approach (i.e., setting zero investments in security) when the intrinsic vulnerability is either very low or very high. We also study the robustness of the investment choices when our knowledge of vulnerability and correlation is uncertain, concluding that the uncertainty induced on investment by either uncertain correlation or uncertain vulnerability is not significant.

Suggested Citation

  • Alessandro Mazzoccoli & Maurizio Naldi, 2021. "Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm," Risks, MDPI, vol. 9(1), pages 1-28, January.
  • Handle: RePEc:gam:jrisks:v:9:y:2021:i:1:p:24-:d:479033

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-9091/9/1/24/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-9091/9/1/24/
    Download Restriction: no


    Citations



    Cited by:

    1. Loretta Mastroeni & Alessandro Mazzoccoli & Maurizio Naldi, 2022. "Pricing Cat Bonds for Cloud Service Failures," JRFM, MDPI, vol. 15(10), pages 1-18, October.
    2. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    3. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    4. Gabriela Zeller & Matthias Scherer, 2023. "Risk mitigation services in cyber insurance: optimal contract design and price structure," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 502-547, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Alessandro Mazzoccoli & Maurizio Naldi, 2020. "Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management," Risk Analysis, John Wiley & Sons, vol. 40(3), pages 550-564, March.
    2. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    3. Suyuan Luo & Tsan‐Ming Choi, 2022. "E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?," Production and Operations Management, Production and Operations Management Society, vol. 31(5), pages 2107-2126, May.
    4. Gabriela Zeller & Matthias Scherer, 2023. "Risk mitigation services in cyber insurance: optimal contract design and price structure," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 502-547, April.
    5. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    6. Zhang, Xiaoyu & Xu, Maochao & Su, Jianxi & Zhao, Peng, 2023. "Structural models for fog computing based internet of things architectures with insurance and risk management applications," European Journal of Operational Research, Elsevier, vol. 305(3), pages 1273-1291.
    7. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    8. Da, Gaofeng & Xu, Maochao & Zhao, Peng, 2021. "Multivariate dependence among cyber risks based on L-hop propagation," Insurance: Mathematics and Economics, Elsevier, vol. 101(PB), pages 525-546.
    9. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    10. Caroline Hillairet & Olivier Lopez & Louise d'Oultremont & Brieuc Spoorenberg, 2022. "Cyber contagion: impact of the network structure on the losses of an insurance portfolio," Post-Print hal-03388840, HAL.
    11. Levitin, Gregory & Xing, Liudong & Xiang, Yanping, 2020. "Optimization of time constrained N-version programming service components with competing task execution and version corruption processes," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    12. Pavel V. Shevchenko & Jiwook Jang & Matteo Malavasi & Gareth W. Peters & Georgy Sofronov & Stefan Truck, 2022. "The Nature of Losses from Cyber-Related Events: Risk Categories and Business Sectors," Papers 2202.10189, arXiv.org, revised Mar 2022.
    13. Hao, Yucheng & Jia, Limin & Zio, Enrico & Wang, Yanhui & Small, Michael & Li, Man, 2023. "Improving resilience of high-speed train by optimizing repair strategies," Reliability Engineering and System Safety, Elsevier, vol. 237(C).
    14. Caroline Hillairet & Olivier Lopez & Louise d'Oultremont & Brieuc Spoorenberg, 2021. "Cyber contagion: impact of the network structure on the losses of an insurance portfolio," Working Papers hal-03388840, HAL.
    15. Matteo Malavasi & Gareth W. Peters & Pavel V. Shevchenko & Stefan Truck & Jiwook Jang & Georgy Sofronov, 2021. "Cyber Risk Frequency, Severity and Insurance Viability," Papers 2111.03366, arXiv.org, revised Mar 2022.
    16. Hayes, Darren R. & Cappa, Francesco, 2018. "Open-source intelligence for risk assessment," Business Horizons, Elsevier, vol. 61(5), pages 689-697.
    17. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    18. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    19. Uddin, Md Hamid & Mollah, Sabur & Islam, Nazrul & Ali, Md Hakim, 2023. "Does digital transformation matter for operational risk exposure?," Technological Forecasting and Social Change, Elsevier, vol. 197(C).
    20. Xiaoge Zhang & Sankaran Mahadevan & Kai Goebel, 2019. "Network Reconfiguration for Increasing Transportation System Resilience Under Extreme Events," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 2054-2075, September.
