Cyber Insurance and Security Interdependence: Friends or Foes?

Cyber insurance is a cyber risk treatment option which allows transferring losses to another party for a fee. Although researchers and practitioners see cyber insurance as a desirable practice, the new market faces several practical (e.g., lack of data) and theoretical (effect of security interdependency) challenges. One of the most important questions from the cyber security point of view is whether cyber insurance is an incentive to self-protection investments. Several studies have shown that with cyber insurance available, agents are more willing to buy insurance than investing in self-protection. In this study, we investigate how security interdependence affects the incentive of agents to invest in self-protection with/without cyber insurance available to them. In particular, we are interested in comparing the investments with and without insurance available for agents when the degree of interdependence changes. In the study, we model a competitive cyber insurance market and assume no information asymmetry