Monday, December 9, 2019
Cyber Insurance for Information Infrastructure -myassignmenthelp
Question: Discuss about theCyber Insurance for Information Technology Infrastructure. Answer: Introduction Cyber Insurance is the insurance of the production which has been used or is going to be used for the protection of the business and the individual users as well. They are from the internet based risks that arise from the information technology infrastructure and the activities. (Wang, 2017). There is a policy which include the coverage which is mainly against the loss like the destruction of data, theft and the hacking. (Breton, 2017) The denial of service, liability coverage and then working over the errors and omissions is a major part of cyber insurance. The failure to safeguard the data or the defamation includes the different types of security auditing practices with post incident public relations which is based on criminal reward funds. Benefits of Cyber Insurance There are different markets in the countries which are comparatively smaller to the other types of the insurance products. The overall effect is emerging with the cyber threats which are not easy to qualify rather effect people and the business. They have a relatively broader comparison to the scope of protection which is generally provided by the insurance of the products, companies that tend to continue with proper development of the services (Pal et al., 2017). The insurers work on the cyber loss and the other cyber threats which are developing and changing the system standards. It is important to work with the IT security services with the criteria for the insurers to match the offering of the cyber insurance products and work towards the development with active partnering towards the IT security of the companies and development of products. The direct improvement of the security standards with the cyber insurances is important where the events are based on the large-scale securi ty breach (Meland et al., 2017). The insurance also provides a complete smoothening of the operations and the mechanisms which comes for the recovery from different major losses (Chase et al., 2017). This also help the business to return to the normalised and reducing needs for the proper government assistance. The insurance also helps the cyber security risks for the easy distribution process where the costs of premiums works on commensuration with the size of loss from such risks. This tends to avoid any dangerous concentrations of risks with prevention of free-riding as well. In order to work on different obstacles there is a need to work on achieving maturity with absence of reliable actuarial data for computing the insurance premiums. The decision makers tend to contribute to the little demands with the legal and the procedurals standards set to identify the generation of cyber insurance (Romanosky et al., 2017). The aspects are related to claim about the compensation for the damages where entities are about considering the cyber insurance which needs to undergo the invasive security evaluation procedures with revealing of the IT infrastructures. The witness is about the vulnerabilities and attacks with improvement in defining the security standards (Floridi, 2017). Types of Cyber Insurance The hacksurance works over the cyber-attacks and then handling the hacking attacks. The theft and fraud tend to cover the destruction or the loss of the policyholder data with the major results of the criminal cyber events. This also includes the theft and the transferring of the funds (Wang, 2017). Business interruption covers the lost income with related costs where the policy holders tend to conduct the business due to the cyber events or the loss of data. The extortion is about providing a proper coverage of the costs which are associated to the investigation of the threats with committing to the cyber-attacks as well (Doherty et al., 2017). This is mainly against the policyholder system where the payments are for the extortionists who tend to threaten for obtaining and then disclosing all the information which is sensitive. The reputation insurance is against the attacks mainly and the defamation. The computer data loss and the restoration tend to cover the physical damage with the loss of use, computer related assets with the costs of retrieving and restoring the data. the information is destroyed or damaged mainly with the cyber-attack factors (Lu et al., 2017). Needs of cyber-insurance This works over the infrastructure where the users and the services are offered on the computer networks with wider variety of the risks which have been posed by the threats. This also includes the distributed denial of service attacks, intrusions, hacking, phishing, worms, viruses and spams. The counter of the risks is posed by the threats where the network users have resorted to the antivirus and the anti-spam software, firewalls and the intrusion detection systems. There are add-ons for reducing the likelihood which is being affected mainly by threats. The consideration is about the research efforts which are being centred for the development and the deployment of the tools (Hoang et al, 2017). Here, the techniques are set to detect the threats as well as the anomalies which are to protect the cyber infrastructure as well. The users are working over the negative impacts of the anomalies. The improvement in the techniques of risks protection are mainly due to the setup of the hardware, software and the other cryptographic methods where it is not possible to properly achieve the perfect cyber security protection (Petratos et al., 2017). The major reasons for the same are: The scarcity of the existence with the sound technical solutions. The difficulty is about the designing of the solutions along with catering to the different needs and intentions that is set for the attack on the network. Here the misalignment of the incentives is mainly between the network users with security products that is for the regulatory authorities. The users of the network work over the advantage where the positive security effects are generated by the other users with the investment in security. They are not mainly investing in security or resulting in the free-riding problems (Kuru et al., 2017). The customer lock-in and the first mover effects are the needs of cyber insurance where there is a need to track the vulnerable security products. The liability is set with the user naiveness with optimisation of the exploiting of feature benefits of technical solutions. The standards are set for the risks mitigation where there is a need to work over the alternative methods with risks management in cyberspace. The highlights are about the importance to improve the current state of cyber security. The check is over the needs to reduce the cyber threats which are being resilient to them (Sanguinetti et al, 2017). The security research has been identified with potential tool that is effective for the risks management. The cyber insurance is the best risks management technique which is set over the network to handle the user risks that could easily be transferred to the insurance company (low, 2017). For this, in return, there is an insurance premium which has been used, where the examples for the same are the potential cyber insurers who tend to include the ISP, Cloud provider and the traditional insurance organisation. The belief is about the designing of the contracts which have a proper shift in the amounts related to the self-defence with the liabi lity that is given to the clients. The self-defence is also applied to the network for the security of the system. The proponents are applied to the efforts by the network user to secure the system and handle the anti-virus and the anti-spam software, firewalls and the security of operating systems. The potential is mainly about the marketing of solutions which could easily align to the economic incentives and work over the insurers who work for the policy makers, security software vendors etc (Zhang et al., 2017). They tend to earn profit with pricing premiums along with the network users who tend to seek for the potential loss and working over buying the insurance and investing over the self-defence mechanisms. The policy markers tend to ensure about the increased network security and the security software vendors can also work over the increased product sales through forming of alliances with other cyber insurers (O Rourke, 2017). Issues in the Systems The issues of the target risks are related to the risks management where the current cyber networks can set the link to the market failure. There are properties related to correlated risks and the asymmetries between the insurers and the insured standards. The information security has a major negative effect on the environment where there are other issues related to the inability for users to distinguish between high and the low risks patterns (Shah, 2016). They are mainly to undertake the patterns which have an adverse effect on the loss probabilities where after the insurance contract is signed for the moral hazard problems. The challenge is about the interdependency and the correlated nature of the cyber risks where there are other cyber insurance standards that tend to differentiate between the traditional insurance scenarios. They work over the forms, where the large distributed systems like internet holds the risks span with the larger set of nodes that are correlated (Tarr, 20 17). Here, the user investments are in the security mainly to counter the risks with generating the positive externalities for the other users as well. The aim is about the enabling of the users and working over the internalisation and externalities in the network (Young et al, 2016). Here, the network users work over optimising the investments in solutions for security where the alleviation of the moral hazards is about improving the network security as well. The aim of the cyber security insurance is to focus on enabling the individual users to internalise and work over the risks spans which are small. The uncorrelated forms and standards are generated by the user investments in safety which are found to be much easy as well. As per the investigations, it involves the different services of the third-party security firm where the coordination is mainly with law enforcement and the FBI (Biener et al., 2018). The business loss with the cyber insurance policies need to include the items related to cover the errors and omissions policy. The errors are mainly due to the negligence and the other monetary losses which have been experienced by the network downtime, business interruption etc. Hence, the privacy standards and the notification need to work over the customers and the other affected parties which will help in monitoring the credits for the customers where the information is also about whether the data is breached or not (Stephens et al, 2017). The lawsuits and the extortion of data includes certain legal expenses which are associated to the release of confidential information and intellectual property standards, where the legal settlements and the regulatory standards include the costs of the cyber ext ortion like the ransomware. Here, it is important to focus on the cyber risks changes with the organisations that need to focus on the breach to avoid any type of the negative standards or damage the trust of the customers. The limited data standards need to also determine about the financial impact of attack with the risks related to the cyberattacks. For looking over the cyber insurance policies, it is important to check over the stand-along applications and the customisation forms in the organisation. Here, there is a possibility to compare all types of deductibles which are for the health, wealth and the policies of facility (Kesan et al., 2017). The coverage and the limits are determined for the organisation to focus on the failure and the targeted attacks against any type of organisation. The cyber insurance need to focus on assessing the vulnerability with creating a cyber risks profiles that tend to follow the best practices and enable the defences with controls that protect against the attacks as much as possible. With this, the education of the employees is mainly in the form of security awareness which is for the phishing and the social engineering. Hence, it is important for the organisations to work over the assessments with the threat intelligent services that are set for the zero day and the targeted attacks to engage the services with the ethical hackers. This tend to reveal the risks of the security weakness as well (Halpern et al., 2017). Current work There have been different changes in the market, where cyber insurance works over the free riding behaviour of the internet users without any major presence of the cyber-insurance. It also includes the works where there are benefits related to incentivizing the internet users to properly invest in security standards. The work address is about the restricted market types where there is no major model information asymmetry for the work. The cyber insurance is mainly insufficient, but they are important for handling and adopting to the different policies which are for the insurance by the users. The proof of the inefficiency is set with the correlated standards and the risks where the efficient markets are under the stage of premium discrimination. As per the standards of the premium volume which is set for the insurance companies who have been not able to enter the market for the cyber exposure (lu et al., 2017). The cyber insurance covers the first party loss and the third party claims as well where the generalised liability insurance is to work over the property damage. Here, Sony has been caught in PlayStation hacker breach with the harder costs which was about $171M that could have been a major offset by the cyber insurance. Now, there was a proper court case to define about the policies of Sony which only covered for the physical damage of the property and not the cyber damages. Hence, for this, the costs are also based on organisation industry with the different types of services which requires the data risks and exposure evaluation. The examples are related to the premiums which range from $800 to $1200 for the consultants, preparers of the tax and the other small organisations with different revenues in millions. To work over the creation of cyber risk profile, there is a need to evaluate the different lists of expenses which needs to cover the events that determine the costs for the third party (Chase et al., 2017). The insurers also provide the calculator about the websites and the evaluation is about the lists of coverage and the estimate costs. The cyber and privacy insurance is mainly set with the technology errors where the protection of the providers for the technology like the computer software and hardware manufacturers is about storing the corporate data based on the off-site basis. The policies are related to the website media content with property exposures that comes from interruption of business, loss of data and the destruction. The computer fraud and the loss of the funds transfer is also considering a major issue with cyber extortion that works with the firms customer personal information like the Social Security or the credit card numbers. The policies are related to credit monitoring with notification costs that are mainly to defend the claims for the state regulators, fines and the penalties. This leads to the loss that results from the ident ity theft. The hampering of the development is completely inadequate where there is a major disclosure of the cyber-attacks where the released information impacts the financial performance. As per the malware incident in 2017, it was seen that Reckitt Benckiser worked over the released information over the cyber-attacks. This would have a major impact on the financial performance that tends to analysts who believe that the trend for the companies is transparent with the data that comes from the cyber incident (Chase et al., 2017). The standards are set to hold the premiums with the growth from $2 billion to $20 billion by 2025. Here, the market immaturity and the lack of standardisation are major reasons that need to take care of the cyber products with the insurance worlds. For this, there is a need to focus over the exposures where the landscape and the capacity are available depending upon the standards. The technology, social media and the transactions keep on changing with the roles where the organisations works over the conducting of the business. The risks are related to the avoid, accept, control and transfer depending upon the risks when it comes to cyber insurance (Pal et al., 2017). Conclusion It has been seen that the threat intelligence and the ethical hacking services are difficult to handle. Hence, there is a need to focus over the investments where the assessment of vulnerability tool is to determine about the penetration with probing any external network defences. This is set for the insurance coverage which is standardised to hold and work on requesting the audits of the organisation process and governance (Hoang et al., 2017). This is a major condition for coverage where the business case for the cyber insurance is to maintain the customer information and collect the online payment information with complete safety and security. References Biener, C., Eling, M. and Wirfs, J.H., 2018. Insurability of cyber risk.Methodology, p.9. Breton, L., 2017, July. Risky Cyber Security:'7012'Regulations Federally-Driven Inhibitor to Resilience within the Defense Industrial Base-A Position Paper. InSoftware Quality, Reliability and Security Companion (QRS-C), 2017 IEEE International Conference on(pp. 285-288). IEEE. Chase, J., Niyato, D., Wang, P., Chaisiri, S. and Ko, R., 2017. A Scalable Approach to Joint Cyber Insurance and Security-as-a-Service Provisioning in Cloud Computing.IEEE Transactions on Dependable and Secure Computing. Doherty, J. and Watson, M., 2017. CYBER AND THE C-SUITE.Risk Management,64(6), p.30. Floridi, L., 2017. The Unsustainable Fragility of the Digital, and What to Do About It.Philosophy Technology,30(3), pp.259-261. Halpern, P. and Edelman, R., 2017. US Investment Funds: Public and Private Response to Cyber Risk.The Journal of Investing,26(1), pp.104-116. Hoang, D.T., Wang, P., Niyato, D. and Hossain, E., 2017. Charging and discharging of plug-in electric vehicles (PEVs) in vehicle-to-grid (V2G) systems: A cyber insurance-based model.IEEE Access,5, pp.732-754. Kesan, J.P. and Hayes, C.M., 2017. Strengthening Cybersecurity with Cyber Insurance Markets and Better Risk Assessment. Kuru, D., Kuru, D., Bayraktar, S. and Bayraktar, S., 2017. The effect of cyber-risk insurance to social welfare.Journal of Financial Crime,24(2), pp.329-346. Low, P., 2017. Insuring against cyber-attacks.Computer Fraud Security,2017(4), pp.18-20. Lu, X., Niyato, D., Jiang, H., Wang, P. and Poor, H.V., 2017. Cyber Insurance for Heterogeneous Wireless Networks.arXiv preprint arXiv:1709.07198. Meland, P.H., Tndel, I.A., Moe, M. and Seehusen, F., 2017, September. Facing Uncertainty in Cyber Insurance Policies. InInternational Workshop on Security and Trust Management(pp. 89-100). Springer, Cham. O'Rourke, M., 2017. The cyber insurance obstacle course.Risk Management,64(3), pp.52-53. Pal, R., Golubchik, L., Psounis, K. and Hui, P., 2017. Security Pricing as Enabler of Cyber-Insurance A First Look at Differentiated Pricing Markets.IEEE Transactions on Dependable and Secure Computing. Petratos, P., Sandberg, A. and Zhou, F., 2017. Cyber Insurance.Handbook of Cyber-Development, Cyber-Democracy, and Cyber-Defense, pp.1-28. Romanosky, S., Ablon, L., Kuehn, A. and Jones, T., 2017. Content Analysis of Cyber Insurance Policies: How do carriers write policies and price cyber risk?. Sanguinetti, L., Alpcan, T., Ba?ar, T., Bennis, M., Berry, R.A., Huang, J. and Saad, W., 2017. Guest Editorial Game Theory for Networks, Part II.IEEE Journal on Selected Areas in Communications,35(3), pp.529-533. Shah, A., 2016. Pricing and Risk Mitigation Analysis of a Cyber Liability Insurance using Gaussian, t and Gumbel CopulasA Case for Cyber Risk Index. Stephens, J.F. and Tilton, M.W., 2017. LAWYERS STILL LAG BEHIND IN NETWORK AND INFORMATION SECURITY RISK MANAGEMENT: CLIENTS AND REGULATORS DEMAND MORE.The Brief,46(4), p.12. Tarr, M., 2017. Law Firm Cybersecurity: The State of Preventative and Remedial Regulation Governing Data Breaches in the Legal Profession.Duke L. Tech. Rev.,15, pp.234-327. Wang, S., 2017. Executive SummaryIntegrated Framework for Information Security Investment and Cyber Insurance. Wang, S., 2017. Integrated Framework for Information Security Investment and Cyber Insurance. Young, D., Lopez, J., Rice, M., Ramsey, B. and McTasney, R., 2016. A framework for incorporating insurance in critical infrastructure cyber risk strategies.International Journal of Critical Infrastructure Protection,14, pp.43-57. Zhang, R., Zhu, Q. and Hayel, Y., 2017. A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks.IEEE Journal on Selected Areas in Communications,35(3), pp.779-794.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.