Sunday, 14 October 2018: 12:35 PM
Infrastructures, businesses, end-users and services offered in the digitally integrated environment are exposed to a wide range of risks such as denial of service, hacking, phishing, ransomware, viruses, etc. Consequently, along with their physical life, individuals and organizations have to secure their digital life as well. Digital threats may have a major economic impact both on the individuals and the society, through the direct loss of income and/or property or even the affected and reduced individuals’ contribution back to society and the state. The purpose of this paper is to study the effect of cyber-attacks on the economy, price the associated cost and recommend possible measures that internet service providers (ISPs) and policy makers can apply in order to mitigate these risks. In order to achieve that, we calculate the cost of cyber-attacks to an entity (individual or business) and to the economy of a country in total employing insurance (actuarial) pricing techniques. We therefore recommend insurance coverage solutions that can assist in protecting interest from cyber risks. Our goal is to try to quantify the cost (loss) caused by the digital threats (digital crime) in relation to the citizens affected by these incidents by means of insurance analytical methods, exploring coverage for the risk we investigate and measure the cost of such coverage, on the part of an Internet Service Provider (ISP) or the State. This simulates the calculation of a risk premium, as the premium is calculated taking into account only the probability of occurrence of a cyber-attack and the interest rate and not any other factors. In this context, we mimic the pricing of a policy that provides coverage for the cyber-attack under investigation in order to estimate the risk premium as well as the amount that has to be set aside to compensate for the one-off economic loss suffered by the individual, as a result of the digital attack. Here lies our contribution to the scientific research in the field of cyber security insurance, as we employ insurance-based actuarial techniques in order to quantify the relevant loss. For the numerical application we use data from the Hellenic Police (2017) database for reported cyber-attack incidents, as well as from the FBI Internet Crime Report (2017).