Martin P. Loeb
Deloitte & Touche Faculty Fellow
Van Munching Hall 3351
Robert H. Smith School of Business
The University of Maryland
College Park, MD 20742, USA
Phone: (301) 405-2209

Book

Managing Cybersecurity Resources: A Cost-Benefit Analysis

CYBER RISK MANAGEMENT

Insurance companies, designing new policies to deal with the cyber risks of information breaches, have had to address issues related to pricing, adverse selection, and moral hazard. While these issues are common to all forms of insurance, this paper examines the unique aspects associated with cyber risk and presents a framework for using insurance as a tool for helping to manage information security risk. This framework is based on the risk management process and includes a four-step cyber risk insurance decision plan.

Risk has a variety of meanings in the context of information security. The objectives of this paper are to discuss three measures that capture different aspects of information security risk and to propose a methodology that allows decision-makers to combine these (or any) different risk measures into a single composite metric.
