Abstract
Cybersecurity risk has attracted considerable attention in recent decades. However, the modeling of cybersecurity risk is still in its infancy, mainly because of its unique characteristics. In this study, we develop a framework for modeling and pricing cybersecurity risk. The proposed model consists of three components: the epidemic model, loss function, and premium strategy. We study the dynamic upper bounds for the infection probabilities based on both Markov and non-Markov models. A simulation approach is proposed to compute the premium for cybersecurity risk for practical use. The effects of different infection distributions and dependence among infection processes on the losses are also studied.
Correction Statement
This article has been corrected with minor changes. These changes do not impact the academic content of the article.
Acknowledgments
The authors are very grateful to two anonymous referees and the members of the Project Oversight Group for their insightful and constructive comments, which led to this improved version of the study.
Discussions on this article can be submitted until January 1, 2020. The authors reserve the right to reply to any discussion. Please see the Instructions for Authors found online at http://www.tandfonline.com/uaaj for submission instructions.
Notes
1 Most of the discussion is motivated by the suggestions from a referee.
2 The data set can be downloaded from http://snap.stanford.edu/data/.