A Bonus-Malus Framework for Cyber Risk Insurance and Optimal Cybersecurity Provisioning

The cyber risk insurance market is at a nascent stage of its development, even as the magnitude of cyber losses is significant and the rate of cyber risk events is increasing. Existing cyber risk insurance products as well as academic studies have been focusing on classifying cyber risk events and developing models of these events, but little attention has been paid to proposing insurance risk transfer strategies that incentivize mitigation of cyber loss through adjusting the premium of the risk transfer product. To address this important gap, we develop a Bonus-Malus model for cyber risk insurance. Specifically, we propose a mathematical model of cyber risk insurance and cybersecurity provisioning supported with an efficient numerical algorithm based on dynamic programming. Through a numerical experiment, we demonstrate how a properly designed cyber risk insurance contract with a Bonus-Malus system can resolve the issue of moral hazard and benefit the insurer.