Towards Insurable Network Architectures   . . . Abstract . . . Biography Rainer Boehme, International Computer Science Institute, UC Berkeley     4:15 PM (refreshments 4:00), Stata Center room 32-507 CSAIL Seminar -   Host: Roger Hurwitz, CSAIL -   Contact: roger hurwitz, 617-258-5261, rhhu@csail.mit.edu

Abstract

This talk reviews opportunities and challenges in establishing a market for cyber-insurance. It is argued that dealing with cyber-risks, regardless on which level (individual,organizational, national), needs some kind of risk transfer. However, lack of system diversity in network architectures imposes tight upper bounds on the supply of cyber-insurance, as homogeneous architectures share common vulnerabilities and this increases the variance of the loss distribution due to security incidents in insurers' portfolios. Hence, network architecture - and behind it the market structure of the ICT industry - is a significant factor in society's ability to manage and absorb cyber-risks. The talk outlines the basic economic models behind these arguments, presents conditions under which markets for cyber-insurance can exist, and discusses policy options to stimulate the adoption of cyber-insurance as well as possible alternative forms of cyber-risk transfer.