CYBECO

Supporting Cyberinsurance from a Behavioural Choice Perspective

Acronym: CYBECO.

Principal investigator: David Ríos Insua.

Project Reference: 740920

Start Date: 2017-05-01

End Date: 2019-04-30

Project website: https://www.cybeco.eu/

Abstract:

Cyber insurance can fulfil a key role in the economics of cybersecurity.

  • On one hand, by keeping the risk manageable for the insured companies by transferring it to the insurance provider, while, at the same time,
  • providing incentives for improving security, requiring certain minimum protection, and thereby reducing overall risk.

Unfortunately, cyber insurance does not really take off, because

  • from the supply side, it is difficult for insurance companies to create an overall risk picture for the domain and design their offerings accordingly, partly because of lack of data, and
  • from the demand side, it is difficult for companies to decide on whether to buy insurance or not.

The CYBECO project will focus on two aspects of choice behaviour to fill these identified gaps and help to further develop the supply and demand sides of cyber insurance services by:

  1. Including behaviour of cyber threats in risk assessment through adversarial risk analysis, in order to support insurance companies in estimating (dependent) risks and setting premiums, and
  2. Using behavioural experiments to simulate and improve insurance decisions of IT owners, thereby enhancing decision support on risk transfer.

Consequently, we aim at better facilitating risk-based information security investments and progressing beyond state of the art in information security economics models, supporting insurance companies in their cyber offerings through a risk management modelling framework and tool, thus benefitting society at large.

In a nutshell, by properly modelling and combining the choice behaviour of cyber threats (risk generation), the choice behaviour of insurance companies (risk assessment) and the choice behaviour of IT owners (which includes risk transfer options as cyber insurance), we aim at globally mitigating cyber risks.

 

Bandera UE

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 740920.