Friday, 18 October 2019: 9:00 AM
The expansion of information technology in everyday reality through the spread of social networks and mobile devices, emerging technologies such as cloud services and the internet of things (IoT), has led to increased vulnerability for individuals and businesses. Individuals can suffer fraud, identity theft, embarrassment and distress when critical information (such as financial or sensitive personal data) is compromised or even publicly revealed, as a result of a cybercrime. The increase of cyber risks impacts both individuals and entities, such as businesses and governments and renders cyber insurance more necessary with the passage of time. Under this framework, in the earlier stages of our research we hypothesized that cybercrime incidents are comparable to physical life incidents, in the sense that each cyber-attack results in the total loss of digital information. The latter is equivalent to the digital death of the affected individual, which is the analogous to physical fatality. We have thus priced the cost of cybercrime in a way that resembles the calculation of the burning cost of a life insurance policy. However, when multiple such incidents can occur, treating a cyber-attack as an illness, would be more realistic in estimating its cost as an insurance premium. In this paper, we consider that multiple incidents are possible during the (digital) life of an individual, trying to mimic physical illness insurance-based actuarial pricing techniques to evaluate the cost for offering financial protection against multiple cyber-attacks. This means that we apply the pricing methods that are used to price health insurance; this for example can be done with the use of morbidity tables. Illness as opposed to fatality (death) can occur several times within the lifetime of an individual and the same can happen during his or her digital life. In other words, he or she may suffer several cyber-attacks (digital illnesses) and yet survive, in terms of digital life. The use of survival functions or mortality tables was introduced in the earlier phases of our research. In this paper, the parallelism of cyber-attacks with (digital) illness seems reasonable so as to apply health insurance valuation techniques. Consequently, this approach further advances the research on cyber insurance valuation and development.