Cost Reduction Strategy for Cybersecurity Risk Management and Risk Transfer to Insurance in Financial Industry
The rapid development of Web technologies has driven a broad implementation of network-based applications in the financial industry, as well as resulted in a variety of cyber risks throughout the domain. As one of the risk management solutions, cybersecurity insurance (CI) is an alternative solution for dealing with cybersecurity risk in the financial industry by transferring some of the risk burden to an insurance company. It has become a popular approach for compensating some of the financial loses of cybersecurity events.^ However, the cost of cybersecurity insurance also leads to a heavy financial burden, which also affects risk mitigations when it is applied. The major problem is the difficulty of maximizing insurance returns by selecting insured items in terms of their demands under the certain financial budget.^ The problem of the research is to find an adaptive approach for financial service institutions to achieve an efficient and effective cybersecurity risks transfer by using cybersecurity insurance under a firm financial budget. The difficulties address few aspects, including understanding cyber incidents and their threats levels, cognizing the relationships between cyber incidents, cybersecurity insurance items, and making decisions on selecting insurance items considering both financial costs and insurance demands.^ To address the issues above, this dissertation concentrates on the problem of maximizing the cybersecurity insurance returns in terms of the available funds. ^ The main contributions of this work are threefold; First, we perform feasibility study starting with proposing a novel secure big data cyber incident analytics framework based on the survey, which is designed to produce a strategy map for implementing cybersecurity insurance under a certain financial constraint; second, we develop an approach using cyber incident classification for ontology-based knowledge representation, which is supported by semantic cyber incident classification model; finally, we create a new approach of risk prediction model based on decision tree method for information classification.^ The research solves the problem of cybersecurity insurance plan generation by developing a cost reduction strategy with Greedy algorithm run through two rounds of greedy to obtain cost effective plan with higher cyber risk weight. We implement experimental evaluations to prove the effectiveness and performances and the results show that our proposed framework and models are feasible for practical deployments.^
Elnagdy, Sam Adam, "Cost Reduction Strategy for Cybersecurity Risk Management and Risk Transfer to Insurance in Financial Industry" (2017). ETD Collection for Pace University. AAI10261015.