SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap

Savino Dambra, Leyla Bilge, Davide Balzarotti. SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap. In Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P'20). San Francisco, CA, USA. May 2020

Our study aims at providing an extensive discussion of the technical aspects and open challenges in the  cyber-insurance domain, emphasizing how security experts can contribute to this rapidly evolving area. We believe the cyber-insurance field raises many technical questions that require the expertise of system security researchers: how can one identify and collect low-level risk indicators and compare them with externally-observable events? Is it possible to automatically extract dependencies among different software and services and capture the risk introduced by the supply-chain of a company? These are only two examples out of a long list of open research problems we have identified throughout our paper. Our main goal is to present a thorough discussion on these problems such that researchers understand that to work properly cyber insurance will require practical solutions that go well beyond its economic and game-theoretical aspects.