A New Perspective on Internet Security using Insurance

Jean Bolot 1 Marc Lelarge 2
2 TREC - Theory of networks and communications
DI-ENS - Département d'informatique de l'École normale supérieure, ENS Paris - École normale supérieure - Paris, Inria Paris-Rocquencourt
Abstract : Managing security risks in the Internet has so far mostly involved methods to reduce the risks and the severity of the damages. Those methods (such as firewalls, intrusion detection and prevention, etc) reduce but do not eliminate risk, and the question remains on how to handle the residual risk. In this paper, we take a new approach to the problem of Internet security and advocate managing this residual risk by buying insurance against it, in other words by transferring the risk to an insurance company in return for a fee, namely the insurance premium. We consider the problem of whether buying insurance to protect the Internet and its users from security risks makes sense, and if so, of identifying specific benefits of insurance and designing appropriate insurance policies. Using insurance in the Internet raises several questions because entities in the Internet face correlated risks, which means that insurance claims will likely be correlated, making those entities less attractive to insurance companies. Furthermore, risks are interdependent, meaning that the decision by an entity to invest in security and self-protect affects the risk faced by others. We analyze the impact of these externalities on the security investments of the users using simple models that combine recent ideas from risk theory and network modeling. Our key result is that using insurance would increase the security in the Internet. Specifically, we show that the adoption of security investments follows a threshold or tipping point dynamics, and that insurance is a powerful incentive mechanism which pushes entities over the threshold into a desirable state where they invest in self-protection. Given its many benefits, we argue that insurance should become an important component of risk management in the Internet, and discuss its impact on Internet mechanisms and architecture.
Type de document :
Rapport
[Research Report] RR-6329, INRIA. 2007
Liste complète des métadonnées

Littérature citée [44 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/inria-00179479
Contributeur : Marc Lelarge <>
Soumis le : mardi 23 octobre 2007 - 17:50:41
Dernière modification le : jeudi 11 janvier 2018 - 06:20:06
Document(s) archivé(s) le : vendredi 25 novembre 2016 - 17:42:21

Fichier

cyber-RR.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00179479, version 3

Collections

Citation

Jean Bolot, Marc Lelarge. A New Perspective on Internet Security using Insurance. [Research Report] RR-6329, INRIA. 2007. 〈inria-00179479v3〉

Partager

Métriques

Consultations de la notice

200

Téléchargements de fichiers

294