Abstract
Nowadays, cyber threats are considered among the most dangerous risks by top management of enterprises. One way to deal with these risks is to insure them, but cyber insurance is still quite expensive. The insurance fee can be reduced if organisations improve their cyber security protection, i.e., reducing the insured risk. In other words, organisations need an investment strategy to decide the optimal amount of investments into cyber insurance and self-protection. In this work, we propose an approach to help a risk-averse organisation to distribute its cyber security investments in a cost-efficient way. What makes our approach unique is that next to defining the amount of investments in cyber insurance and self-protection, our proposal also explicitly defines how these investments should be spent by selecting the most cost-efficient security controls. Moreover, we provide an exact algorithm for the control selection problem considering several threats at the same time and compare this algorithm with other approximate algorithmic solutions.
Original language | English |
---|---|
Article number | 102121 |
Pages (from-to) | 1-21 |
Number of pages | 21 |
Journal | Computers and Security |
Volume | 101 |
Early online date | 27 Nov 2020 |
DOIs | |
Publication status | Published - Feb 2021 |
Funding
This work was partially supported by projects H2020 MSCA NeCS 675320, H2020 MSCA CyberSure 734815, H2020 SPARTA 830892 and H2020 CyberSec4Europe 830929. We thank to anonymous reviewers.
Funders | Funder number |
---|---|
Horizon 2020 Framework Programme | 734815, 675320, 830892, 830929 |
Keywords
- Cyber insurance
- Dynamic programming
- Genetic algorithm
- Risk management
- Risk treatment
- Security investment