International Journal of Business & Management Studies

ISSN 2694-1430 (Print), ISSN 2694-1449 (Online)
DOI: 10.56734/ijbms
A Novel Integrated Framework For Multi-Period Cyber Security Risk Management

Abstract


Several firms face attacks by multiple types of hackers, with type-dependent losses, over a multi-period planning horizon. A hacker who fails to breach the system in one period may decide to try breaching it again in the next period. At the beginning of the planning horizon, each firm decides on its level of investment in cyber security countermeasures. An insurer offers multi-period cyber insurance coverage to firms with risk-averse decision makers. The cyber insurance premium offered depends on the cyber security implemented at the firm. We address the software monoculture issue by assuming that the common or popular software used by all firms is a source of correlated risk. We analyze two types of cyber security interdependence breaching processes that arise from the software monoculture risk. For each period, we derive the mean and variance of several performance measures of interest, including the number of breaches. This enables us to develop the multi-period cyber insurance pricing model. We show that the mean and variance of the number of breaches, as well as our pricing formula, converge geometrically to their long-run averages. We demonstrate the usefulness of our model through numerical examples.