Building resilience in cybersecurity: An artificial lab approach

Kerstin Awiszus; Yannick Bell; Jan Lüttringhaus; Gregor Svindland; Alexander Voß; Stefan Weber

doi:10.48550/arXiv.2211.04762

Details

Original language	English
Pages (from-to)	753-800
Number of pages	48
Journal	Journal of Risk and Insurance
Volume	91
Issue number	3
Publication status	Published - 20 Aug 2024

Abstract

Based on classical contagion models we introduce an artificial cyber lab: the digital twin of a complex cyber system in which possible cyber resilience measures may be implemented and tested. Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators. Moreover, from an insurance point of view, we provide first attempts to design systemic cyber risk obligations and to measure the systemic risk contribution of individual policyholders.

Keywords

complex systems, complexity economics, cyber insurance, cyber resilience, cybersecurity, economics of networks, systemic cyber risks

ASJC Scopus subject areas

Business, Management and Accounting(all)
Accounting
Economics, Econometrics and Finance(all)
Finance
Economics, Econometrics and Finance(all)
Economics and Econometrics

Cite this

Building resilience in cybersecurity: An artificial lab approach. / Awiszus, Kerstin; Bell, Yannick; Lüttringhaus, Jan et al.
In: Journal of Risk and Insurance, Vol. 91, No. 3, 20.08.2024, p. 753-800.

Research output: Contribution to journal › Article › Research › peer review

Awiszus, K, Bell, Y, Lüttringhaus, J, Svindland, G, Voß, A & Weber, S 2024, 'Building resilience in cybersecurity: An artificial lab approach', Journal of Risk and Insurance, vol. 91, no. 3, pp. 753-800. https://doi.org/10.48550/arXiv.2211.04762, https://doi.org/10.1111/jori.12450, https://doi.org/10.15488/16144

Awiszus, K., Bell, Y., Lüttringhaus, J., Svindland, G., Voß, A., & Weber, S. (2024). Building resilience in cybersecurity: An artificial lab approach. Journal of Risk and Insurance, 91(3), 753-800. https://doi.org/10.48550/arXiv.2211.04762, https://doi.org/10.1111/jori.12450, https://doi.org/10.15488/16144

Awiszus K, Bell Y, Lüttringhaus J, Svindland G, Voß A, Weber S. Building resilience in cybersecurity: An artificial lab approach. Journal of Risk and Insurance. 2024 Aug 20;91(3):753-800. doi: 10.48550/arXiv.2211.04762, 10.1111/jori.12450, 10.15488/16144

Awiszus, Kerstin ; Bell, Yannick ; Lüttringhaus, Jan et al. / Building resilience in cybersecurity : An artificial lab approach. In: Journal of Risk and Insurance. 2024 ; Vol. 91, No. 3. pp. 753-800.

Download

@article{45d8fe39bf1c4537b8df9e10f34c9b56,

title = "Building resilience in cybersecurity: An artificial lab approach",

abstract = "Based on classical contagion models we introduce an artificial cyber lab: the digital twin of a complex cyber system in which possible cyber resilience measures may be implemented and tested. Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators. Moreover, from an insurance point of view, we provide first attempts to design systemic cyber risk obligations and to measure the systemic risk contribution of individual policyholders.",

keywords = "complex systems, complexity economics, cyber insurance, cyber resilience, cybersecurity, economics of networks, systemic cyber risks",

author = "Kerstin Awiszus and Yannick Bell and Jan L{\"u}ttringhaus and Gregor Svindland and Alexander Vo{\ss} and Stefan Weber",

note = "Publisher Copyright: {\textcopyright} 2023 The Authors. Journal of Risk and Insurance published by Wiley Periodicals LLC on behalf of American Risk and Insurance Association.",

year = "2024",

month = aug,

day = "20",

doi = "10.48550/arXiv.2211.04762",

language = "English",

volume = "91",

pages = "753--800",

journal = "Journal of Risk and Insurance",

issn = "0022-4367",

publisher = "Wiley-Blackwell Publishing Ltd",

number = "3",

}

Download

TY - JOUR

T1 - Building resilience in cybersecurity

T2 - An artificial lab approach

AU - Awiszus, Kerstin

AU - Bell, Yannick

AU - Lüttringhaus, Jan

AU - Svindland, Gregor

AU - Voß, Alexander

AU - Weber, Stefan

PY - 2024/8/20

Y1 - 2024/8/20

N2 - Based on classical contagion models we introduce an artificial cyber lab: the digital twin of a complex cyber system in which possible cyber resilience measures may be implemented and tested. Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators. Moreover, from an insurance point of view, we provide first attempts to design systemic cyber risk obligations and to measure the systemic risk contribution of individual policyholders.

AB - Based on classical contagion models we introduce an artificial cyber lab: the digital twin of a complex cyber system in which possible cyber resilience measures may be implemented and tested. Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators. Moreover, from an insurance point of view, we provide first attempts to design systemic cyber risk obligations and to measure the systemic risk contribution of individual policyholders.

KW - complex systems

KW - complexity economics

KW - cyber insurance

KW - cyber resilience

KW - cybersecurity

KW - economics of networks

KW - systemic cyber risks

UR - http://www.scopus.com/inward/record.url?scp=85174275049&partnerID=8YFLogxK

U2 - 10.48550/arXiv.2211.04762

DO - 10.48550/arXiv.2211.04762

M3 - Article

AN - SCOPUS:85174275049

VL - 91

SP - 753

EP - 800

JO - Journal of Risk and Insurance

JF - Journal of Risk and Insurance

SN - 0022-4367

IS - 3

ER -

Research@Leibniz University

Building resilience in cybersecurity: An artificial lab approach

Authors

Research Organisations

External Research Organisations

Details

Abstract

Keywords

ASJC Scopus subject areas

Cite this