cybeco supporting cyberinsurance from a behavioural
play

CYBECO: Supporting Cyberinsurance from a Behavioural Choice - PowerPoint PPT Presentation

May 05, 2023 •372 likes •820 views

CYBECO: Supporting Cyberinsurance from a Behavioural Choice Perspective Lorentz Cyberinsurance Open Day March 27, 2019 Objective Research and develop a framework for managing cybersecurity risks, focused on cyberinsurance as key risk

  1. CYBECO: “Supporting Cyberinsurance from a Behavioural Choice Perspective” Lorentz Cyberinsurance Open Day March 27, 2019

  2. Objective ➢ Research and develop a framework for managing cybersecurity risks, focused on cyberinsurance as key risk management treatment ➢ How? ✓ By transferring risk of the insured companies to the insurance provides ✓ By providing incentives for improving security

  3. Challenges ➢ Lack of data => incomplete overall risk picture => inability of insurance companies to design their offerings ➢ Companies deciding on whether to buy cyberinsurance or not

  4. Activities ➢ Develop a cybersecurity risk management model ✓ Intentionality of adversaries ✓ Cyberinsurance in the risk management portfolio ✓ Structured expert judgement methodologies for little data ✓ Cyber security behavioural and psychological findings ➢ Develop a decision support tool, the CYBECO Toolbox implementing the modelling framework ➢ Conduct behavioural experiments to validate the models and tool ➢ Provide policy recommendations to cover policy gaps

  5. Cyber Insurance Ecosystem & Policy Recommendations Kate Labunets & Wolter Pieters TU Delft

  6. Our goal • What could be optimized in cyber insurance governance? • Our approach is to identify – cyber insurance stakeholders, – their relations, – their goals, and – policy measures.

  7. Reinsurance Research results provider Cover part of insurer's Research clients losses Interests of insurers Provide results (e.g., insurance federation) Policy recommendations Compliance with Request for a specific Insurance regulations expertise Insurer Expert regulator y c i l po e at ns s due to cyber risk Negoti Cover losses e itio Pay premiums Collect necessary d g n co n data a Insurance h Policymaker c y broker A d vi ce o n cyb er c i nsu ran c e o f f e rin g s i S e c u r i ty s e r v i c es f o r ol P i n s urer and i t s c l i e n t s Provide security services Sector Security Company provider regulator Invest in security controls Compliance with regulations Interests of consumers Interests of companies Provide (e.g., consumer rights (e.g., SME association) product/service supervisory authority) Damage or steal Vendor company's assets Provide Consumer product/service Threat

  8. Actors’ objectives toward cyber insurance • Companies – Get advice on security investments – Cover possible losses related to cyber risk – Help with incident response • Brokers – Provide high quality advice about cyber risks – Make profit • Insurance providers – Increase market share – Have better actuarial data – Profitable business • Regulator/government – Increase overall level of security – Resilient ecosystem

  9. Policy measures 1 • Wider adoption – Legislation creating a financial cost to cyber events – Raise awareness about gaps in traditional insurance products – Governments to exercise their procurement power to support market development – Mandate insurance for organisations in certain industries • Defining coverage – Encourage the use of cyber exclusions in non-cyber policies – Standardise wording of cyber insurance policies – Provide certification for acts of cyber war or terrorism 1 Woods, D. and Simpson, A., 2017. Policy measures and cyber insurance: a framework. Journal of Cyber Policy , 2 (2), pp.209-226.

  10. Policy measures • Data collection – Standard data formats for assessment or claims process – Minimum standards for data collection in assessment process – Government collects high-level data on the insurance market • Information sharing – Make data held by government agencies available – Open up access to existing information-sharing initiatives – Mandate other organisations to make data available – Government to create a cyber incident data repository

  11. Policy measures • Best practices – Government can define information security best practice – Lead organisations to best practice through regulation – Clarify liability related to insurers giving security advice • Catastrophic loss – Government to act as insurer of last resorts • Collect funds ex-ante or ex-post • Joining scheme is optional or mandatory • Premium priced according to underlying risk or priced according to amount of insurance sold • Upper limit on the amount the government will cover • Upper limit on the amount one insured can claim

  12. Mapping goals and policy measures

  13. CYBECO models for cyber security risk management David Rios (CSIC-ICMAT)

  14. Cyber security risk management

  15. Cyber security risk management

  16. Cyber security risk management

  17. CYBECO security risk management • Intentionality. Modeling attackers through Adversarial Risk Analysis (robustness, ‘ smoothness ’, improved forecasts) • Structured expert judgement when data unavailable • Cyber insurance • Constraints • Preference models • Templates, Parametrised models, Catalogs • Sensitivity analysis

  18. Cyber security risk management

  19. Cyber security risk management

  20. Cyber security risk management

  21. Cyber security risk management

  22. Cyber security risk management Parametrised models

  23. Other relevant issues • Implementing computations • Insider threats • Third parties • Building the forecasting models • Turning this into a DSS tool • Behavioral aspects • Cyber risk management cycle

  24. Other models or model uses • Pricing. Maximum price • ROSI • Market segmentation • Granting an insurance • Reinsurance

  25. CYBECO Toolbox Vassilis Chatzigiannakis (Intrasoft International) Aitor Couce Vieira (CSIC-ICMAT)

  26. CYBECO Toolbox scope • Web-based information and consultancy tool that includes decision-support elements • It facilitates decisions about IT security investments • It is based on the results of the CYBECO research and modeling tasks • Summarizes the most important recommendations for the design, implementation, monitoring, evaluation and exploitation of the CYBECO models • Enables policy makers, insurance operators and interested enterprises • to obtain easy access to information on relevant concepts of cybersecurity insurance, • to provide them with a framework of analysis and feedback provisioning on the details of the deployment of the CYBECO models in real world settings

  27. CYBECO Toolbox features • Can be used by non-experts • Is translating the Adversarial Risk Assessment models into a system of algorithms • Provides support for three modes of Risk Analysis • Is supported by a Knowledge Base that: • Contains hierarchical taxonomies of entities used in the Risk Analysis Cases • Contains information about related cybersecurity entities such as threats or security controls. • All entities in the KB are interconnected

  28. Supported Risk Analysis Cases • Knowledge Base Risk Analysis Case options and results are stored in the Pre-simulated DB. results Computation speed Complexity • Calculation-based Risk Analysis Semi-simulated Cases : options, and partial results, results are stored in the DB, final results are calculated dynamically. Fully simulated • R-based Risk Analysis Templates : results runs simulation on demand in the background and notifies the user when results are ready.

  29. CYBECO Toolbox demonstration Presented Risk Analysis Case: • A single SME facing cybersecurity risks . Goal: – To choose the optimal cyber security portfolio and cyber insurance product.

  30. The behavioural-experimental approach Devstat (José Vila) & Northumbria University (Pam Briggs)

  31. The role of psychological theory and behavioural economics in promoting cybersecurity ➢ Psychological theories can help explain behaviour and decision making around cybersecurity, and identify factors influencing insurance uptake ➢ Combined with behavioural economic experiments , this provides a strong scientific method to study how participants make security decisions Cybersecurity Technical Component Human Behavioural Component

  32. The human behavioural component … Traditional approach BUT … human behaviour Assumes humans are always (including decision conscious, logical making) is not always logical! decision makers

  33. Protection-Motivation Theory SEVERITY : If my online data/accounts were hacked, it would be severe VULNERABILITY : My online data/accounts are at risk of being compromised RESPONSE EFFICACY: Insurance is an REWARDS OF NOT HAVING INSURANCE / effective method to protect against loss COSTS OF INSURANCE: Insurance is financially costly for me SELF-EFFICACY: Taking the necessary Insurance is not worth it security measures is entirely under my Setting up insurance would require too much from me control

  34. The human behavioural component … CYBECO economic experiments address this in three ways: Experiment 1: Testing the model Experiment 2: Testing the toolbox ● ● Behavioral insights to support Usability of CYBECO toolbox design of cyberinsurance ● Nudging SMEs towards optimal products protection & cyberinsurance ● Information to produce a ‘ behavioural version ’ of the Experiment 3: Belief formation CYBECO model ● Supporting believe formation in adversarial cyberinsurance models

Recommend

Supporting Cyberinsurance from a Behavioural Choice Perspective Dr. Katsiaryna (Kate) Labunets 1

Supporting Cyberinsurance from a Behavioural Choice Perspective Dr. Katsiaryna (Kate) Labunets 1

Supporting Cyberinsurance from a Behavioural Choice Perspective Dr. Katsiaryna (Kate) Labunets 1 Outline Who am I? Definitions Project details Research questions 2 Dr. Kate Labunets MSc in Mathematics PhD Candidate

969 views • 43 slides
Supporting Behavioural Change in Parents Using Motivational Interviewing 1 Case Example Kit is

Supporting Behavioural Change in Parents Using Motivational Interviewing 1 Case Example Kit is

MODULE 4 Supporting Behavioural Change in Parents Using Motivational Interviewing 1 Case Example Kit is a 35-year old woman in a stable relationship with a young child aged 18 months. She is also pregnant in her second trimester right now.

389 views • 26 slides
OUR PROPOSITION evidence-based Supporting: behavioural science to help you cultivate

OUR PROPOSITION evidence-based Supporting: behavioural science to help you cultivate

OUR PROPOSITION evidence-based Supporting: behavioural science to help you cultivate You skills to allow you to Other people be the person youd Organisations like to be more often Leaders 2 2 WHY? Our

410 views • 15 slides
GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq.,

GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq.,

THOMSON REUTERS GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq., and Reymond E. Yammine, Esq., K&L Gates AUGUST 3, 2018 The European Unions General Data Protection Regulation, Violations

320 views • 4 slides
Supporting Aged Care Nursing Staff to Manage Behavioural and Psychological Symptoms of Dementia:

Supporting Aged Care Nursing Staff to Manage Behavioural and Psychological Symptoms of Dementia:

Faculty of Health Supporting Aged Care Nursing Staff to Manage Behavioural and Psychological Symptoms of Dementia: iSeeBehaviour. Dr Lisa Clinnick ACU/Ballarat Health Services Professor Britt Klein - FedUni Associate Professor Andrew

221 views • 20 slides
Behavioural Supports Ontario Supporting Older Adults with Responsive Behaviours Dana Vladescu-

Behavioural Supports Ontario Supporting Older Adults with Responsive Behaviours Dana Vladescu-

Behavioural Supports Ontario Supporting Older Adults with Responsive Behaviours Dana Vladescu- HNHB BSO Community Outreach Team Manager Terri Glover- HNHB BSO LTC Mobile Team Manager Kathy Peters- HNHB BSO Coordinator January 28, 2015 Agenda

400 views • 36 slides
What is really behavioural in behavioural health policy? Matteo M Galizzi

What is really behavioural in behavioural health policy? Matteo M Galizzi

What is really behavioural in behavioural health policy? Matteo M Galizzi m.m.galizzi@lse.ac.uk LSE Behavioural Research Lab LSE Health and Social Care Department of Social Policy Centre for the Study of Incentives in Health Paris School

1.45k views • 116 slides
ENHANCING BEHAVIOURAL INSIGHTS TO CREATE SUSTAINBLE BEHAVIOURAL CHANGE AT WORK Date: 16 TH APRIL

ENHANCING BEHAVIOURAL INSIGHTS TO CREATE SUSTAINBLE BEHAVIOURAL CHANGE AT WORK Date: 16 TH APRIL

ENHANCING BEHAVIOURAL INSIGHTS TO CREATE SUSTAINBLE BEHAVIOURAL CHANGE AT WORK Date: 16 TH APRIL 2020 Presenter: ISAAC PETER CEO & Principal Consultant ENHANCING BEHAVIOURAL INSIGHTS TO CREATE SUSTAINBLE BEHAVIOURAL CHANGE AT WORK

449 views • 32 slides
AFR RETAIL SUMMIT AFR RETAIL SUMMIT PARALLELS GFC TO NOW BROADER BEHAVIOURAL SHIFTS LONG TERM

AFR RETAIL SUMMIT AFR RETAIL SUMMIT PARALLELS GFC TO NOW BROADER BEHAVIOURAL SHIFTS LONG TERM

AFR RETAIL SUMMIT AFR RETAIL SUMMIT PARALLELS GFC TO NOW BROADER BEHAVIOURAL SHIFTS LONG TERM STEP CHANGE FOR RETAIL SPEND MILLENNIALS AND GEN Z RETAIL AND RETAIL AND CUSTOMER INSIGHTS SUPPORTING MERCHANTS Afterpay Day sale: biggest on

612 views • 24 slides
Applying Behavioural Insights to Public Policy Simon Ruda Outline 1. What are behavioural

Applying Behavioural Insights to Public Policy Simon Ruda Outline 1. What are behavioural

Applying Behavioural Insights to Public Policy Simon Ruda Outline 1. What are behavioural insights? 2. Who are the Behavioural Insights Team? 3. How can we apply behavioural insights to public policy? What are Behavioural Insights?

626 views • 51 slides
Lexico-grammatical Features of the Behavioural Process 1 L U C Y C H R I S P I N C A R D I F F

Lexico-grammatical Features of the Behavioural Process 1 L U C Y C H R I S P I N C A R D I F F

An Investigation into the Lexico-grammatical Features of the Behavioural Process 1 L U C Y C H R I S P I N C A R D I F F U N I V E R S I T Y Outline 2 Overview of Systemic Functional Linguistics (Halliday 1994) and the Behavioural

618 views • 29 slides
Bisimilarity and Behavioural Equivalences Lus Soares Barbosa HASLab - INESC TEC Universidade

Bisimilarity and Behavioural Equivalences Lus Soares Barbosa HASLab - INESC TEC Universidade

Bisimilarity and Behavioural Equivalences Lus Soares Barbosa HASLab - INESC TEC Universidade do Minho Braga, Portugal February 2019 Behavioural equivalences Similarity Bisimilarity Observable behaviour Behavioural Equivalences

541 views • 53 slides
Supporting Residents Expressing Responsive Behaviours at Home, Hospital, and LTC HNHB LHIN

Supporting Residents Expressing Responsive Behaviours at Home, Hospital, and LTC HNHB LHIN

Supporting Residents Expressing Responsive Behaviours at Home, Hospital, and LTC HNHB LHIN Behavioural Supports Ontario Strategy Family Council Network Four (FCN-4) Regional Meeting June 29, 2017 Objectives Background on BSO Strategy in

697 views • 37 slides
BFFF Birmingham Roger Martin-Fagg behavioural economist Mainstream vv Behavioural Economists

BFFF Birmingham Roger Martin-Fagg behavioural economist Mainstream vv Behavioural Economists

ECONOMIC UPDATE MARCH 2017 BFFF Birmingham Roger Martin-Fagg behavioural economist Mainstream vv Behavioural Economists Economic man Emotional man Rational Instinctive 20% 80% System 2 System 1 Daniel Kahneman Thinking fast, Thinking

890 views • 32 slides
Using behavioural experiments to identify consumer problems in markets: Partitioned pricing

Using behavioural experiments to identify consumer problems in markets: Partitioned pricing

Using behavioural experiments to identify consumer problems in markets: Partitioned pricing practices Office of Fair Trading Economic Seminar Series 14 th January 2014 Dr Charlotte Duke Presentation outline How we use behavioural

287 views • 26 slides
RISK ASSESSEMENT supporting TEST supporting supporting supporting supporting REAGENTS RISK

RISK ASSESSEMENT supporting TEST supporting supporting supporting supporting REAGENTS RISK

TEST IDENTIFICATION:________________________________ LOCATION (SITE/DEPARTMENT):________________________________ RISK ASSESSEMENT supporting TEST supporting supporting supporting supporting REAGENTS RISK RISK OPERATORS RISK SPECIMEN

389 views • 3 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
What are the behavioural di ffi culties of children who struggle in school? Joe Bathelt, Joni

What are the behavioural di ffi culties of children who struggle in school? Joe Bathelt, Joni

What are the behavioural di ffi culties of children who struggle in school? Joe Bathelt, Joni Holmes, the CALM team, Duncan Astle Behavioural di ffi culties: An example school performance markedly below grade level learning difficulties?

1.22k views • 98 slides
behaviour and its importance in economic analysis By Tan Consilz (PhD.) Behavioural Economics

behaviour and its importance in economic analysis By Tan Consilz (PhD.) Behavioural Economics

Boundedly rational behaviour and its importance in economic analysis By Tan Consilz (PhD.) Behavioural Economics Bounded rationality Behavioural Economics The complexity of theory regarding economic decision making requires expansion

665 views • 17 slides
Health care management, health care and health: better with behavioural O.R? Geoff Royston

Health care management, health care and health: better with behavioural O.R? Geoff Royston

OR Society Special Interest Group on Behavioural Operational Research Health care management, health care and health: better with behavioural O.R? Geoff Royston Immediate Past President December 17 th 2014 The OR Societ y 1 The importance

768 views • 74 slides
Behavioural Preorders on Stochastic Systems - Logical, Topological, and Computational Aspects

Behavioural Preorders on Stochastic Systems - Logical, Topological, and Computational Aspects

Behavioural Preorders on Stochastic Systems - Logical, Topological, and Computational Aspects Thesis defence January 29, 2019 Mathias Ruggaard Pedersen Department of Computer Science, Aalborg University, Denmark M. R. Pedersen | Behavioural

1.44k views • 102 slides
Functional Design Using Behavioural and Structural Components Richard Sharp rws26@cl.cam.ac.uk

Functional Design Using Behavioural and Structural Components Richard Sharp rws26@cl.cam.ac.uk

Functional Design Using Behavioural and Structural Components Richard Sharp rws26@cl.cam.ac.uk University of Cambridge aims of this research SAFL is a Behavioural HDL Supports a functional programming style Designed for

650 views • 16 slides
Introduction to Behavioural Addictions June 19 2018 Learning Objectives 1. Describe

Introduction to Behavioural Addictions June 19 2018 Learning Objectives 1. Describe

Introduction to Behavioural Addictions June 19 2018 Learning Objectives 1. Describe behavioural addictions and their impacts 2. Recognize co-occurring issues 3. Name relevant screening and assessment tools 4. Identify

449 views • 24 slides
Modelling the information that underlies complex behavioural decisions to provide decision

Modelling the information that underlies complex behavioural decisions to provide decision

Modelling the information that underlies complex behavioural decisions to provide decision support Tom Ormerod School of Psychology, University of Sussex M2D Exeter, July 2017 Complex behavioural decisions: domain examples I. With the fall

419 views • 11 slides

More recommend