Towards the Insurance of Healthcare Systems
George Hatzivasilis1, Panos Chatziadam1, Andreas Miaoudakis1, Eftychia Lakka1,
Sotiris Ioannidis1, Alessia Alessio2, Michail Smyrlis3, George Spanoudakis3, Artsiom
Yautsiukhin4, Michalis Antoniou5, and Nikos Stathiakis6
1 Foundation for Research and Technology, Vassilika Vouton, Greece
2 Network Integration and Solutions (NIS) Srl., Genova, Italy
3 City, University of London, London, UK
4 Italian National Research Council (CNR), Naples, Italy
5 HD Insurance (HDI) Ltd., Athens, Greece
6 Center for eHealth Applications and Services (CeHA), Heraklion, Greece
hatzivas@ics.forth.gr, panosc@ics.forth.gr,
miaoudak@ics.forth.gr, elakka@ics.forth.gr,
sotiris@ics.forth.gr, alessia.alessio@dgsgroup.it,
Michail.Smyrlis@city.ac.uk, G.E.Spanoudakis@city.ac.uk,
artsiom.yautsiukhin@iit.cnr.it,
michalis.antoniou@hellasdirect.gr, statiaki@ics.forth.gr
Abstract. Insurance of digital assets is becoming an important aspect nowadays,
in order to reduce the investment risks in modern businesses. GDPR and other
legal initiatives make this necessity even more demanding as an organization is
now accountable for the usage of its client data. In this paper, we present a cyber
insurance framework, called CyberSure. The main contribution is the runtime
integration of certification, risk management, and cyber insurance of cyber
systems. Thus, the framework determines the current level of compliance with
the acquired policies and provides early notifications for potential violations of
them. CyberSure develops CUMULUS certification models for this purpose and,
based on automated (or semi-automated) certification carried out using them, it
develops ways of dynamically adjusting risk estimates, insurance policies and
premiums. In particular, it considers the case of dynamic certification, based on
continuous monitoring, dynamic testing and hybrid combinations of them, to
adapt cyber insurance policies as the conditions of cyber system operation evolve
and new data become available for adjusting to the associated risk. The
applicability of the whole approach is demonstrated in the healthcare sector, for
insuring an e-health software suite that is provided by an IT company to public
and private hospitals in Greece. The overall approach can reduce the potential
security incidents and the related economic loss, as the beneficiary deploys
adequate protection mechanisms, whose proper operation is continually assessed,
benefiting both the insured and the insurer.
Keywords: Insurance, Security, Risk Analysis, Certification, E-Health,
CyberSure.
1 Introduction
Cyber insurance and security certification are two instruments to mitigate risk and
establish trust in the provision of a wide spectrum of services and industries ([1], [2]),
including healthcare, construction, information and communications technology,
transportation, hospitality, and banking operations (e.g. [3], [4], [5], [6]). For several
of these, insurance and certification are also required by current legislation and
regulations. From an insurance perspective, holding cyber security certifications is a
way to demonstrate that certain security controls have been implemented according to
appropriate standards. Therefore, some insurance companies offer reduced premiums
for certified products [3], [7]. Another positive effect of certification and insurance is
the enhanced trustworthiness of the services as perceived by consumers. The increasing
importance of the digital insurance market worldwide and in Europe, and the challenges
arising in it, are indicated by several studies [1], [2], [8], [9].
Moreover, the use of health data has massive implications for how healthcare is
delivered and how we manage our health [4]. The whole healthcare industry is
undergoing a huge reformation, whereby vast amounts of data are becoming more and
more accessible and utilized. How we manage data has enormous potential along with
some large challenges for healthcare professionals, organizations that deliver
healthcare, patients, and consumers of information.
The challenge with digitization in health is how to do it safely. Last year was a
significant one for health plans when it came to data breaches and breach settlements.
For example, the largest health data breach settlement in history was paid out in 2018,
when Anthem surrendered $16 million in fines to the Office for Civil Rights (OCR)
for the breach of 79 million patient records in 2014-2015 [10].
And at the end of last year, OCR named three health plans among the top 10
breaches it was investigating, including one involving the alleged unauthorized access
or disclosure of 1.2 million records by the Employees Retirement System of Texas
Health Plan [11]. Also under investigation was the CNO Financial Group for allegedly
exposing more than half a million records through unauthorized access and disclosure.
These health plan breaches are increasing introspection about the current vulnerabilities
of protected health information. Fig. 1 summarizes the security-related incidents for
e-health that have been recorded by ENISA [12].
Fig. 1. Security incidents in e-health, by ENISA [12]
The overall aim of CyberSure is to develop an innovative framework, supporting the
creation and management of cyber insurance policies, and offering a sound liability
basis for establishing trust in cyber systems and services. Based on a comprehensive
risk analysis prior to certification, the evaluated organization is given advice to
improve its security. The system is then certified and the insurance contracts are
established. Next, monitoring controls that assess the runtime protection status are
deployed in the system. The beneficiaries are notified in a timely manner, during real
operation, of potential violations in order to take the designated actions. In case of a
security-related incident, the framework can establish in a short period what has
happened, who is accountable, and what the compensation amount is. The overall
operation reduces security breaches and the related economic loss, as the organization
improves its security level in order to be certified and can be warned proactively when
the adequate policies are not followed, benefitting the insurer as well.
The rest of the paper is structured as follows: Section 2 outlines the related solutions
for cyber insurance and their limitations. The evaluated healthcare system is sketched in
Section 3. Section 4 details the proposed CyberSure framework and its underlying
components. The assessment of the e-health system by CyberSure is detailed in Section
5. Finally, Section 6 concludes the results of this work.
2 Background Theory
Several studies have analyzed different types of markets (competitive, monopolistic
and oligopolistic) for cyber insurance (e.g., [13], [14]), concluding that in most cases
cyber insurance is a profitable option. However, it does not necessarily lead to
improvement of security in cases of information asymmetry and interdependency
among stakeholders [13], [15], although its positive influence on cyber protection has
been shown in other cases in practice [14], [3], [9].
Cyber insurance is special with respect to other types of insurance [2], [8] and faces
challenges related to its low maturity. The first of these challenges is the lack of
statistical data about the assessment of cyber security incidents [16]. One of the reasons
for this is that data about cyber security accidents are highly sensitive and, thus,
organizations avoid their disclosure. However, this issue is increasingly mitigated by
the introduction of incident notification schemes and regulations, such as the ones in
the EU by ENISA¹ and in the USA by US-CERT².
Technological challenges for the cyber insurance market relate to the fast evolution
of systems and attacks, difficulties in identifying the occurrence and impact of security
breaches, complex interdependencies amongst security properties, and information
asymmetry [2], [3], [8]. Other challenges must also be overcome for the market to
achieve higher maturity [8], [9], such as the limited clarity of insurance coverage, the
high number of exceptions, and the correctness of policy languages, which are of a
legal (rather than technological) nature. On the other hand, despite these challenges,
cyber risks can still be insured [17], [18].
By relying on automated or semi-automated security certification and risk
assessment, the CyberSure project will develop a novel framework for cyber insurance.
In this framework, insurance policies can drive certification processes and be based on
the outcomes of such processes, demanding specific attention to risks to be covered and
relaxing the assessment of the risks that are not covered by the policy. The interaction
between cyber insurance and security certification will also reduce the information
asymmetry between insurers and clients. Automating cyber insurance management will
also enable the generation of statistical data about risk assessment and rates of
accidents, which will improve the maturity of the cyber insurance market.
3 The E-Health Pilot
For the e-health pilot validation, CyberSure will evaluate the Integrated Care Solutions
Medical (ICS-M) software suite³. In brief, the software suite is implemented by the
Center for eHealth Applications & Services (CeHA), which operates in the context of
Foundation for Research and Technology Hellas (FORTH). The software is based
upon an open, evolvable, and scalable architecture with a modular and robust
infrastructure, comprising a series of IT services and applications. It constitutes an
innovative service platform providing e-health functionality across heterogeneous
networks, focusing on a patient-centered, clinically-driven, healthcare delivery system.
High quality international trends are applied for the structure of the Electronic Health
Record (EHR), as well as for the integration with third party systems by utilizing
internationally acclaimed standards and protocols (e.g. HL7, DICOM).
Through its various applications and tools, ICS contributes to treatment planning
and clinical decision support for disease management. The ICS suite is installed in
20 health service providers in Greece, including regional health authorities, hospitals,
and primary care centers.
¹ ENISA Incident report: https://www.enisa.europa.eu/topics/incident-reporting
² US-CERT National cyber incident response plan:
https://www.us-cert.gov/sites/default/files/ncirp/National_Cyber_Incident_Response_Plan.pdf
³ CeHA's ICS-M software suite: https://www.ics.forth.gr/ceha/FlipbookV1/CeHA.pdf
3.1 ICS-M Architecture
CyberSure assesses the protection level that is provided by the ICS-M software suite.
Three available ICS-M services are examined:
- Ward Management: supports the placement of patients in specific clinic beds and
the monitoring of the medical and nursing operations.
- Supply Management: the nursing personnel of each clinic orders specific medical
and nutrition products, which are automatically recorded in the patient's healthcare
history. ICS-M exchanges relevant information with the hospital's storage
department (another third-party application).
- EHR: the medical and nursing personnel can access the health records of each
patient currently being nursed at the specific clinic. As the EHR contains sensitive
personal data, role-based access control (RBAC) is imposed, where each user
accesses only the subset of information that is absolutely necessary for the requested
action, with medical personnel gaining a higher degree of interaction.
The system architecture is depicted in Fig. 2. The medical records for all patients are
maintained in the Data Base server. The data is accessed via the Application Server that
implements the core backend functionality for the ICS-M services. The services can
exchange information with third-party applications (e.g. the Laboratory Information
System (LIS)) through the MS Rhapsody broker.
Fig. 2. ICS-M architecture
The Active Directory is utilized for user authentication. Two interfaces are
available. The web client communicates directly only with the Application Server,
which then exchanges information with the remaining components (i.e. the Active
Directory, the Data Base server, and the MS broker). On the other hand, the application
client communicates directly with the Active Directory, the database, and the broker.
The same functionality is offered by both interfaces.
3.2 Legislation
For the e-health pilot system, legal compliance must be assured by the following
procedures: i) informed consent and voluntary participation, ii) confidentiality, iii)
anonymity and privacy, iv) data usage/control/destruction, v) minimal risk, vi) transfer
of data to third parties, and vii) feedback.
Moreover, we have identified two main points that require special attention and
focus from an ethical point of view:
- Ensure personal data protection and anonymity for the ICS-M components, which
are deployed in Greece
- Ensure compliance with legislation and directives at both the European and the
national level of Greece, where the examined healthcare system is applied
These actions include a special effort to conform to the new European data protection
legislation, known as the General Data Protection Regulation (GDPR), which became
enforceable in May 2018.
All collected data from the e-health systems must be anonymized in order to avoid
any law violation. Also, the ICS-M owner must grant its permission regarding the
integration of the monitoring mechanisms with the CyberSure platform. If required,
the healthcare organization must also be informed about the process.
3.3 Certification
CeHA is an ISO27001:2013 certified center [19]. In 2011, ICS-M was certified with
the EuroRec Seal of Quality EHR Level 2 by the European Institute for Health Records
EuroRec⁴. The Seal encompasses 50 functional quality criteria, addressing various
essential functions of the EHR: i) access and security management of the system, ii)
basic functional requirements on medication, iii) clinical data management, and iv) the
generic statements focusing on trustworthiness of the clinical data.
The nursing and medical applications of ICS-M have been designed for health care
professionals who require the use of software within a medical context. The integration
with the CyberSure platform should not violate the provided protection mechanisms.
The key security, privacy, and dependability requirements for the e-health pilot include:
1. the preservation of privacy, confidentiality and integrity of medical records in
transit and in storage
2. the preservation of privacy, confidentiality and integrity of prescription and
financial data in transit and in storage
3. and the preservation of a high degree of e-health platform availability.
⁴ EuroRec: www.eurorec.org
Thus, the integration of ICS-M and CyberSure’s platform must comply with these
technical criteria. The CyberSure platform does not have access to confidential
information and EHR data. Additionally, the monitoring components at the pilot-end
do not collect information regarding the patients’ personal identifiable information (PII)
and are compliant with the GDPR.
3.4 Potential Insurance Scenarios
3.4.1 Contract 1: Insurance of the IT company that provides a system to the
hospital
In the case where the contract insures the availability of the main hospital's server
during the working hours for the public, the CyberSure platform should inform the
hospital about the potential violation of the contract before the event actually occurs
(e.g. the server has not been maintained for some period and the possibility of a
malfunction during the next few days is high).
3.4.2 Contract 2: Insurance of the hospital (direct PII processor) against GDPR
violations
The hospital's management sector needs to issue an insurance contract between the
hospital and the IT company in order to comply with the GDPR [20], regarding
privacy preservation and the prevention of unauthorized disclosure of health-related
information. The company must guarantee that role-based access to the sensitive
personal data is enforced in all cases and that access rights are properly handled.
The monitoring controls on the pilot system should capture the personnel's login
behavior (e.g. [21]) and inform the organization if the security policy is not adhered
to (i.e. the password strength is not sufficient, the passwords are not changed
regularly, there are many failed login attempts, etc.).
4 Risk Analysis, Certification, and Insurance with CyberSure
This section describes the deployment infrastructure of CyberSure. The various
components of the CyberSure platform are installed in the relevant host companies with
on-line monitoring controls being deployed on the healthcare organization.
CyberSure consists of four core components: the risk assessment tools (RIS⁵ and
NESSOS⁶), the insurance tool (HELLAS DIRECT⁷), the certification tool (CUMULUS
[22], [23]), and the e-health system (ICS-M). The various systems are integrated and
common interfaces are implemented in order to enable the exchange of information.
The overall architecture and data flows are depicted in Fig. 3.
⁵ RIS: https://dgsspa.com/pagine/15/ris
⁶ NESSOS: http://www.nessos-project.eu/
⁷ HDI tool: https://www.hellasdirect.gr/en/
Fig. 3. CyberSure architecture
The two risk assessment tools that perform the baseline and comprehensive risk
analysis are installed in the two host companies (the RIS tool in NIS and NESSOS in
CNR). Security experts from these two companies interview the employees of the
evaluated system, sequentially. For both tools, questionnaires and other information are
completed on-line by the employees. The tools process the received data and the
security experts finalize the risk assessment report. In the first iteration, the whole
system is analyzed by the RIS tool. This initial documentation of the whole system
forms the baseline analysis, which, as illustrated in Fig. 4, is provided to the evaluated
organization along with a set of suggested system upgrades. Then, a comprehensive
risk analysis is conducted with the NESSOS tool, which concentrates on the assets that
exhibit the highest risk and takes into account real incidents in the examined
organization and attack trends in the related business sector. Fig. 4 depicts the overall
risk analysis procedure. The process can be repeated for a more thorough analysis that
examines the final compliance of the pilot system.
Fig. 4. Risk analysis processes
Then, the final risk assessment outcomes, which reflect the current cyber security
status, are parsed by the insurance tool that runs in HELLAS DIRECT. Classified
historical data regarding the considered risks are aggregated in the model together with
other parameters, like discounts or penalizations. The insurance experts estimate the
economic parameters of the potential insurance contract. The result is a set of contract
offers that cover specific operational aspects and risks, providing several options from
basic to full coverage of the economic loss. Each evaluated organization chooses one
of the possible options based on its needs and financial capabilities.
Finally, the on-line certification model and the underlying controls must be
established. These are the CyberSure’s components that continuously monitor the pilot
system, issue the CUMULUS certificate, and detect potential violations. The reasoning
procedures are modelled in the Event Calculus (EC) [16]. Continuous monitoring is one
of the main novelties of the framework and is detailed in the next section.
5 Assessment of the ICS-M with CyberSure
5.1 Real Case Scenario: Database and Application Servers' Up-Time
For the CyberSure framework, we will evaluate the protection level and the potential
risks for the underlying assets of the three aforementioned ICS-M services. For
real-time monitoring, the CyberSure platform will inspect parameters that are described
in the Service License Agreement (SLA) for the fair use between the hospital and the
ICS-M provider, such as the servers' up-time, the EHR availability, and the volume of
concurrently supported clients.
The back-end infrastructure for the service (i.e. application and database servers) is
located in the private company's premises in Athens. The hospital in Heraklion runs a
terminal application at the front office (i.e. for arranging appointments regarding the
available medical services).
The company operations start at 9:00 a.m. The hospital operations for the public start
at 8:00 a.m. If the server is out of service, the hospital has to wait for at least 1.5-2 hours
until the company’s personnel reach the company, get informed, and fix the problem.
The hospital's management sector needs to issue an insurance contract between the
hospital and the IT company, regarding the availability of the service. The company
must guarantee a minimum delay in responding to availability issues for the front office
applications. The delay cannot exceed half an hour during the working period in which
the hospital is open to the public (i.e. 8:00 a.m. to 4:00 p.m.).
Nevertheless, apart from the availability of the service and the dependability of the
provided solution, authorized access to the data must also be ensured. Thus, the
company must verify that the RBAC is enforced in all cases.
5.2 Risk Analysis & Evaluation
Fig. 5 illustrates the evaluation results of the baseline risk assessment analysis for the
examined ICS-M suite. As ICS-M was already a certified product (i.e. EuroRec), only
minor improvements regarding the operational aspects in the examined hospital were
made by RIS and NESSOS. Then, we proceeded by deploying CUMULUS certification
models and monitoring controls for the assets that are related to the aforementioned
insurance scenarios and exhibit the highest risk.
Fig. 5. The baseline risk assessment result of the e-health pilot, made by the RIS tool
5.3 Insurance & CUMULUS Certification
The hospital's management sector needs to issue an insurance contract between the
hospital and the IT company, regarding the availability of the service. The company
must guarantee a minimum delay in responding to availability issues for the front office
applications. The delay cannot exceed half an hour during the working period in which
the hospital is open to the public (i.e. 8:00 a.m. to 4:00 p.m.).
Fig. 6. The CUMULUS certification process
Fig. 6 illustrates the CUMULUS certification process. The two organizations will
issue a contract utilizing the extended version of CUMULUS ([22], [23]) via
CyberSure. The initial evaluation life-cycle is one year and the contract can be
renewed on an annual basis. Every day from Monday to Friday, the system must monitor
the availability of the system every half hour during the working period 8:00 a.m.
to 4:00 p.m. The relevant SLA certification model (CM) is defined as:

<ns1:CertificationModel xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
    xmlns:ns3='http://slasoi.org/monitoring/citymonitor/xmlrule'
    xmlns:ns2='http://assert4soa.eu/schema/Assert_SQL'
    xmlns:ns1='http://www.cumulus.org/certificate/model'
    xsi:schemaLocation='http://www.cumulus.org/certificate/model CertificationModel-v2.xsd'>
  <CASignature></CASignature>
  <AbstractSecurityProperty expression="http://www.slaatsoi.org/commonTerms#availability"/>
  <AssessmentScheme>
    <EvidenceFrequency checkingPeriod="0.5" periodUnit="hours" minNoOfEvents="1"></EvidenceFrequency>
    <SufficientEvidence minMonitoredPeriod="30" periodUnit="days" minNoOfEvents="350"></SufficientEvidence>
  </AssessmentScheme>
  <ValidityTests negated="false" certificateScope="SINGLE">
    <ns2:Condition negated="false" relation="EQUAL-TO">
      <ns2:Operand1>
        <ns2:AssertOperand facetName="Assert" facetType="Assert">
          //ASSERTCore/SecurityProperty/@PropertyAbstractCategory
        </ns2:AssertOperand>
      </ns2:Operand1>
      <ns2:Operand2>
        <ns2:Constant type="STRING">
          http://www.assert4soa.eu/ontology/security/security#Integrity
        </ns2:Constant>
      </ns2:Operand2>
    </ns2:Condition>
  </ValidityTests>
  <MonitoringConfigurations>
    <MonitoringConfiguration>
      <Component type="REASONER">
        <EndPoint>http://localhost:8888/...</EndPoint>
      </Component>
      … … … …
    </MonitoringConfiguration>
  </MonitoringConfigurations>
</ns1:CertificationModel>

The two entities request a certificate from CyberSure's certification authority
(CA) based on this CM. The CA submits it to the certificate generator (CG). The CG
configures the monitoring infrastructure for starting the incremental certification
process. The CG calls the Service MonitorAbility Reporting Tool (SMART) and finds the
monitoring infrastructure in the hospital's terminal devices (a Java program that
periodically checks the HTTP request status).
- The monitoring component has a unique identifier <CaseId>.
- Its type is SENSOR: it checks whether the server is down or not.
- The front office application is a web service <_SrvId>. Technically, the availability
is checked by periodically examining the HTTP request of the service's home page.
If the status '404 Not Found' is returned, the service is unavailable. If the problem
has not been fixed by the next try (i.e. half an hour later), the assertion <_AssertId>
has been violated.
The relevant EC-Assertion+ for the EVEnt REaSoning Toolkit (EVEREST) is
defined as:

Event _eId = unavailable service (HTTP '404 Not Found' is returned)
Rule r1:
  Happens(e(_eId, _SrvId, CaseId), _ti) =>
    HoldsAt(Unavailable(_SrvId), _ti)
Rule r2:
  Happens(e(_eId, _SrvId, CaseId), _ti) AND HoldsAt(Unavailable(_SrvId), _ti-1) =>
    HoldsAt(AssertionViolation(_AssertId, _SrvId), _ti)
Event _eId2 = problem fixed
Rule r3:
  Happens(e(_eId2, _SrvId), _ti) =>
    Terminate(Unavailable(_SrvId), _ti) AND
    Terminate(AssertionViolation(_AssertId, _SrvId), _ti)

If the problem is fixed, the monitoring status is restored.
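The availability rules above, as an added worked example that is not part of the paper or of the CUMULUS/EVEREST tools: a small Python checker that applies r1-r3 to a log of half-hourly HTTP probes and also evaluates the SufficientEvidence clause of the certification model (350 events over 30 days at a half-hour period, which corresponds to roughly 22 working days of 16 checks each). The function names, the working-period assumption (Monday to Friday, 8:00 a.m. to 4:00 p.m.), the placeholder identifiers and the probe logs are assumptions constructed for the example.

```python
"""Added example (not the paper's or the CUMULUS/EVEREST code): an Event Calculus
style checker for the availability assertion of Section 5.3. It applies rules
r1-r3 to an ordered log of (timestamp, http_status) probes and checks the
SufficientEvidence clause of the certification model. All names, the working
period and the sample logs are assumptions constructed for this example."""
from datetime import datetime, timedelta

CHECK_PERIOD = timedelta(minutes=30)  # EvidenceFrequency checkingPeriod="0.5" hours
WORK_START, WORK_END = 8, 16          # hospital open to the public 8:00 a.m. to 4:00 p.m.
SRV_ID = "_SrvId"                     # placeholder web service id from the CM
ASSERT_ID = "_AssertId"               # placeholder assertion id from the CM
PILOT_START = datetime(2019, 5, 6)    # constructed start date (a Monday)


def in_working_period(t: datetime) -> bool:
    """Monday to Friday, 8:00 a.m. to 4:00 p.m.: the only period the contract covers."""
    return t.weekday() < 5 and WORK_START <= t.hour < WORK_END


def reason(probes):
    """Apply r1-r3 to an ordered list of (timestamp, http_status) probes.

    Fluents: Unavailable(SRV_ID) and AssertionViolation(ASSERT_ID, SRV_ID).
    Returns (unavailable, violated, violation_times): both fluents at the end
    of the log and every time point at which r2 first initiated a violation."""
    unavailable = False
    violated = False
    violation_times = []
    for t, status in probes:
        if not in_working_period(t):
            continue                      # out-of-window evidence is not assessed
        if status == 404:                 # event _eId: service unavailable
            # r2: Happens(_eId, ti) AND HoldsAt(Unavailable, ti-1) => violation at ti
            if unavailable:
                if not violated:
                    violation_times.append(t)
                violated = True
            unavailable = True            # r1: HoldsAt(Unavailable, ti)
        elif unavailable:                 # event _eId2: problem fixed
            unavailable = False           # r3: Terminate(Unavailable, ti)
            violated = False              # r3: Terminate(AssertionViolation, ti)
    return unavailable, violated, violation_times


def sufficient_evidence(probes, min_days=30, min_events=350):
    """SufficientEvidence from the CM: at least min_events assessed probes spanning
    a monitored period of at least min_days days before a certificate is issued."""
    times = [t for t, _ in probes if in_working_period(t)]
    if len(times) < min_events:
        return False
    return max(times) - min(times) >= timedelta(days=min_days)


def generate_probes(start: datetime, days: int, status: int = 200):
    """Constructed probe log: one probe per CHECK_PERIOD slot between WORK_START and
    WORK_END on each of `days` calendar days from `start` (weekend slots are also
    emitted; the checks above discard them)."""
    probes = []
    for d in range(days):
        t = (start + timedelta(days=d)).replace(hour=WORK_START, minute=0,
                                                second=0, microsecond=0)
        while t.hour < WORK_END:
            probes.append((t, status))
            t += CHECK_PERIOD
    return probes


def sample_incident_log():
    """Constructed one-day log: a 404 before opening hours (ignored), a two-slot
    outage at 9:00 and 9:30 (violation), a fix at 10:00, and a single-slot glitch
    at 13:00 that is repaired before the next probe (no violation)."""
    bad = {(9, 0), (9, 30), (13, 0)}
    log = [(t, 404 if (t.hour, t.minute) in bad else 200)
           for t, _ in generate_probes(PILOT_START, 1)]
    log.insert(0, (PILOT_START.replace(hour=7, minute=30), 404))
    return log


def demo():
    """Run the reasoner over the incident log; returns violation times as ISO strings."""
    _, _, times = reason(sample_incident_log())
    return [t.isoformat() for t in times]


if __name__ == "__main__":
    print("violations:", demo())
    print("30-day evidence sufficient:",
          sufficient_evidence(generate_probes(PILOT_START, 31)))
```

Only probes inside the contracted window are assessed, so the 7:30 a.m. 404 does not count; a single bad probe followed by a good one at the next slot initiates Unavailable but never AssertionViolation, which is exactly the half-hour tolerance the contract grants.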
As regards the authorization perspective, the IT company needs to insure its
RBAC service. A similar procedure is followed, with monitoring controls assessing the
access to the databases. The controls examine every access attempt to the data through
the database's log file and, in case of violation, the framework is informed accordingly
(as in the server's availability case above).
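As an added illustration of the authorization control just described (and of the login-behaviour monitoring of Section 3.4.2), the following Python script audits a database access log against a role-based access policy; it is example code written for this page, not the ICS-M or CyberSure implementation. The log format, the roles, tables and permissions are assumptions constructed here, since the page does not give the real policy.

```python
"""Added example (not the ICS-M or CyberSure code): audit a database access log
against an RBAC policy. A 'violation' is a successful operation the policy does
not allow (RBAC not enforced, the insured property); repeated denied attempts
per user are reported as the access-behaviour signal of Section 3.4.2.
Log format, roles, tables and permissions are assumptions constructed here."""
import re
from collections import Counter

# Assumed least-privilege policy: role -> table -> allowed SQL operations.
RBAC_POLICY = {
    "medical":      {"ehr": {"SELECT", "INSERT", "UPDATE"},
                     "prescriptions": {"SELECT", "INSERT"}},
    "nursing":      {"ehr": {"SELECT"},                # read-only subset of the record
                     "supplies": {"SELECT", "INSERT", "UPDATE"}},
    "front_office": {"appointments": {"SELECT", "INSERT", "UPDATE"}},
}

# Constructed log line format:
#   <timestamp> user=<name> role=<role> op=<OP> table=<table> result=ok|denied
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"op=(?P<op>[A-Z]+) table=(?P<table>\S+) result=(?P<result>ok|denied)$"
)


def parse_line(line: str) -> dict:
    """Parse one access-log line; an unparseable line is itself an audit finding."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable access log line: {line!r}")
    return m.groupdict()


def is_permitted(role: str, op: str, table: str, policy=RBAC_POLICY) -> bool:
    """Deny by default: unknown roles and unknown tables have no permissions."""
    return op in policy.get(role, {}).get(table, set())


def audit(lines, policy=RBAC_POLICY, denied_threshold: int = 2):
    """Return (violations, repeat_offenders).
    violations: parsed records of successful accesses the policy forbids.
    repeat_offenders: users with at least denied_threshold denied attempts."""
    violations, denied = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec["result"] == "denied":
            denied[rec["user"]] += 1       # enforcement worked; count the attempt
            continue
        if not is_permitted(rec["role"], rec["op"], rec["table"], policy):
            violations.append(rec)         # enforcement failed: report to the framework
    offenders = {u: n for u, n in denied.items() if n >= denied_threshold}
    return violations, offenders


# Constructed sample log for a Monday morning at the pilot hospital.
SAMPLE_LOG = [
    "2019-05-06T08:05:11 user=dr.papadakis role=medical op=SELECT table=ehr result=ok",
    "2019-05-06T08:07:42 user=nurse.eleni role=nursing op=INSERT table=supplies result=ok",
    "2019-05-06T08:12:03 user=nurse.eleni role=nursing op=UPDATE table=ehr result=ok",
    "2019-05-06T08:15:27 user=reception.1 role=front_office op=SELECT table=ehr result=denied",
    "2019-05-06T08:15:40 user=reception.1 role=front_office op=SELECT table=ehr result=denied",
    "2019-05-06T08:20:09 user=reception.1 role=front_office op=SELECT table=appointments result=ok",
    "2019-05-06T08:31:55 user=ext.contractor role=contractor op=SELECT table=ehr result=ok",
]


def audit_sample():
    """Run the audit on the sample log; returns (user, op, table) triples of
    violations and the dictionary of repeat offenders."""
    violations, offenders = audit(SAMPLE_LOG)
    return [(v["user"], v["op"], v["table"]) for v in violations], offenders


if __name__ == "__main__":
    violations, offenders = audit_sample()
    print("RBAC violations:", violations)
    print("repeated denied attempts:", offenders)
```

The two findings differ in severity: the nurse's successful UPDATE on the EHR and the contractor's successful read mean the database let an operation through that the role model forbids, which is the event the insured assertion is about, whereas the receptionist's denied reads show enforcement working and are only worth flagging once they repeat.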
5.4 Accomplishments
This comprehensive approach, including the real-time contribution of CUMULUS,
allows us to obtain a more reliable picture of the service to be insured. In this case,
CyberSure is able to:
- Provide historical data/incident information to evaluate the actual probability that
a threat can occur
- Give real-time evidence of a violation of a security control (e.g. availability and
authorization)
The corresponding potential vulnerabilities can be evaluated immediately and
objectively, and not "off-line" with the subjective contribution of a checklist. This
can be applied to some technical controls of ISO27002:2013 [19]. On the other side,
if some specific security controls are managed by CUMULUS and are meaningful for
the assessment, they can be included in the configuration of the risk analysis tools.
6 Conclusions
The digitalization of insurance procedures and the coverage of cyber assets has now
become an emerging necessity. The European GDPR further stresses the need for
cyber insurance, especially for healthcare organizations that process high volumes
of sensitive personal data. This article proposes a novel cyber insurance framework,
called CyberSure. It tackles several limitations of the current solutions by deploying
continuous certification and real-time assessment of risk and of the contracted insurance
policies. As a case study, CyberSure is applied in order to assess the system of a
medium-size public hospital in Greece. The overall approach is effective and efficient,
and reduces the possibility of potential security events, benefiting both the insurer and
the insured organizations.
7 Acknowledgements
This work has received funding from the European Union's Horizon 2020 research and
innovation programme under grant agreements No. 786890 (THREAT-ARREST)
and No. 830927 (CONCORDIA), and the Marie Skłodowska-Curie grant agreement No.
734815 (Cyber-Sure).
References
1. W. Pritchett, “Insurtech 10: Trends for 2019,” The Digital Insurer, KPMG, March, 2019,
pp. 1-36.
2. G. Matouschek, “InsturTechs Reshaping insurance today,” 27th congress of the
International Association of Legal Protection Insurance (RIAD), Ireland, Dublin, 5-6
October, 2017, pp. 1-29.
3. P. Millaire et al., “Latest industry trends in cyber security and cyber insurance,” CyberCube,
May, 2018, pp. 1-10.
4. G. Hatzivasilis et al., “Review of security and privacy for the Internet of Medical Things
(IoMT),” IEEE DCOSS, Santorini Island, Greece, 29-31 May, 2019, pp. 8-15.
5. G. Hatzivasilis et al., “The CE-IoT framework for green ICT organizations,” IEEE DCOSS,
Santorini Island, Greece, 29-31 May, 2019, pp. 1-7.
6. G. Hatzivasilis et al., “Real-time management of railway CPS,” IEEE ECYPS, Bar
Montenegro, 11-15 June, 2017, pp. 1-4.
7. D. Woods and A. Simpson, “Policy measures and cyber insurance: a framework,” Journal
of Cyber Policy, Taylor & Francis, vol. 2, no. 2, 2017, pp. 209-226.
8. A. Marotta et al., “Cyber-insurance survey,” Computer Science Review, Elsevier, vol. 24,
May, 2017, pp. 35-61.
9. P. H. Meland, I. A. Tøndel, and B. Solhaug, “Mitigating risk with cyberinsurance,” IEEE
Security & Privacy, vol. 13, no. 6, 2015, pp. 38-43.
10. U.S. Department of Health & Human Services (HHS), “Anthem pays OCR $16 million in
record HIPAA settlement following largest U.S. health data breach in history,” HHS Press
Office, October 15, 2018.
11. HIPPA Journal, “Largest healthcare data breaches of 2018,” December 27, 2018,
https://www.hipaajournal.com/largest-healthcare-data-breaches-of-2018/ .
12. D. Liveri, A. Sarri, and C. Skouloudi, “Security and Resilience in eHealth,” ENISA reports,
15 March, 2016, pp. 1-48.
13. R. Pal, L. Golubchik, K. Psounis, and P. Hui, “Will cyber-insurance improve network
security? A market analysis,” IEEE INFOCOM, Toronto, Canada, 27 April – 2 May, 2014,
pp. 235-243.
15
14. R. Pal, L. Golubchik, K. Psounis, and P. Hui, “Security pricing as enabler of cyber-insurance:
a first look at differentiated pricing markets,” IEEE Transactions on Dependable and Secure
Computing, vol. 16, no. 2, 2019, pp. 358-372.
15. F. Martinelli et al., “Preventing the drop in security investments for non-competitive cyber-
insurance market,” 12th International Conference on Risks and Security of Internet and
Systems (CRISIS), Dinard, France, 19-21 Sept., 2017, pp. 1-16.
16. G. Hatzivasilis et al., “AmbISPDM: Managing Embedded Systems in Ambient Environment
and Disaster Mitigation Planning,” Applied Intelligence, Springer, vol. 48, issue 6, pp. 1623-
1643, 2017.
17. P. H. Meland and F. Seehusen, “When to treat security risks with cyber insurance,”
International Journal on Cyber Situational Awareness, C-MRiC, vol. 3, no. 1, 2018, pp. 39-
60.
18. S. Romanosky et al., “Content analysis of cyber insurance policies: how do carriers price
cyber risk?,” Journal of Cybersecurity, Oxford Academic, vol. 5, issue 1, Feb. 2019, pp. 1-
38.
19. Information security management systems, ISO/IEC 27001, 2013:
https://www.iso.org/isoiec-27001-information-security.html.
20. Directive 95/46/EC General Data Protection Regulation (GDPR), European Parliament
and European Council, 2016:
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.
21. G. Hatzivasilis, “Password-Hashing Status,” Cryptography, MDPI Open Access Journal,
vol. 1, issue 2, number 10, pp. 1-31, 2017.
22. M. Krotsiani, G. Spanoudakis, and C. Kloukinas, “Monitoring-based certification of cloud
service security,” OTM Confederated Conferences On the Move to Meaningful Internet
Systems, Rhodes, Greece, Springer, LNCS, vol. 9415, 2015, pp. 644-659.
23. M. Krotsiani, C. Kloukinas, and G. Spanoudakis, “Cloud certification process validation
using formal methods,” International Conference on Service Oriented Computing, Malaga,
Spain, 13-16 Nov., 2017, pp. 65-79.