• DocumentCode
    3347115
  • Title

    A New Perspective on Internet Security using Insurance

  • Author

    Bolot, J.C. ; Lelarge, Marc

  • Author_Institution
    Sprint, Burlingame
  • fYear
    2008
  • fDate
    13-18 April 2008
  • Abstract
    Managing security risks in the Internet has so far mostly involved methods to reduce the risks and the severity of the damages. Those methods (such as firewalls, intrusion detection and prevention, etc) reduce but do not eliminate risk, and the question remains on how to handle the residual risk. In this paper, we take a new approach to the problem of Internet security and advocate managing this residual risk by buying insurance against it. Using insurance in the Internet raises several questions because entities in the Internet face correlated risks, which means that insurance claims will likely be correlated, making those entities less attractive to insurance companies. Furthermore, risks are interdependent, meaning that the decision by an entity to invest in security and self-protect affects the risk faced by others. We analyze the impact of these externalities on the security investments of users using a simple 2-agent model. Our key results are that there are sound economic reasons for agents to not invest much in self-protection, and that insurance is a desirable incentive mechanism which pushes agents over a threshold into a desirable state where they all invest in self-protection. In other words, insurance increases the level of self-protection, and therefore the level of security, in the Internet. Therefore, we believe that insurance should become an important component of risk management in the Internet.
  • Keywords
    Web services; insurance; risk management; security; Internet security; insurance companies; residual risk; risk management; security investments; self-protection level; Communications Society; Costs; Insurance; Intrusion detection; Investments; Protection; Risk management; Security; USA Councils; Web and internet services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INFOCOM 2008. The 27th Conference on Computer Communications. IEEE
  • Conference_Location
    Phoenix, AZ
  • ISSN
    0743-166X
  • Print_ISBN
    978-1-4244-2025-4
  • Type

    conf

  • DOI
    10.1109/INFOCOM.2008.259
  • Filename
    4509854