An insurance theory based optimal cyber-insurance contract against moral hazard

As an important method of risk control in information systems and networks, cyber-insurance has attracted particular attention from both industry and academia. However, two prominent problems hamper the further growth of cyber-insurance. The correlated and interdependent properties of cyber-risks increase the economic risk of insurance companies considerably; risk pooling can be impeded by these two properties. Further, this situation can be aggravated because cyber-insurance affects the investment for self-protection negatively. This phenomenon is regarded as the ex ante moral hazard. In this study, we establish a mathematical model based on a classic insurance theory to address the abovementioned problems, and propose an optimal cyber-insurance contract scheme that maximizes the expected utility of users. We also propose two personalized contract schemes to incentivize users to invest in self-protection under the no moral hazard and ex ante moral hazard conditions. Extensive experiments are conducted to evaluate the proposed approach, and the experimental results demonstrate the effectiveness and efficiency of the approach. © 2018