Overview
Explore a critical analysis of cyber insurance in this conference talk from BSidesSF 2017. Delve into ten ways cyber insurance fails to meet its intended purpose, challenging the conventional wisdom that it improves security incentives. Examine the behavioral aspects of decision-making in cybersecurity and discover alternative incentive instruments that could prove more effective. Learn about the misalignment between cyber insurance and its 'job to be done', including insights on risk retention, networked interdependent risks, and premium pricing trends. Gain valuable perspectives on the limitations of current cyber insurance models and consider potential counterarguments to this provocative stance.
Syllabus
Intro
First Preliminary
Second Preliminary
Insurances Incentives
Carrots Sticks
Positive Incentives
Malcolm Tucker
The Wrong People
Magic Formulas
Show of Hands
Cycle Time Between Stimulus
Higher Cybersecurity
Risk Retention
Risk Models
Networked Interdependent Risk
Data from a Survey
Pie Charts
Technical People
Variation in Premium
Survey Results
Premium Prices Rising
Book Deal
Counterarguments
Public reaction
Taught by
Security BSides San Francisco