Cybersecurity becomes a concern for companies and governments that rely on technology to run and maintain their services [1]. However, many times the cyberattacks are successfully done, causing several damages, such as financial losses, business disruption, and data stolen [2]. As the cyberattacks have been increased over the years, even with the evolve of protections, different models of cyber insurance coverage [3] have been proposed to minimize the impacts and provide a faster recovery when cyberattacks surpass the underlying protections of businesses. The cyber insurance market is still in its infancy around the globe. However, according to initial predictions, the worldwide spending on cyber insurance will achieve roughly 9 billion US$ by 2020 [4]. Based on that, novel approaches have been discussed to propose cyber insurance models [5], such as those based on blockchain and smart contracts [6]. In [7], for example, the authors proposed a blockchain-based continuous monitoring and processing system for cyber insurance. However, there is still a lack of solutions that, for example, allows traceability of changes in the company's cybersecurity, a simplified description of company configurations, and ease and intuitive creation of a cyber insurance contract.
The goal of this thesis is to (i) conduct a cyber insurance literature overview, (ii) determine a cyber insurance contract model, which has to contain all relevant information for both cyber-insurers and customers, and (iii) deploy the agreement (i.e., contract) into a smart contract (i.e., blockchain) that allows the enforcement of the terms defined in the contract while ensure up-to-date information regarding potential risks (e.g., outdated systems or negligence on the part of the insured). Therefore, the generated smart contract has to consider not only fixed but also dynamic information that could be updated by the involved actors (i.e., cyber-insurer and customer). Additionally, a web-based interface might be implemented to simplify the management of the whole process (e.g., allowing initial inputs from customers and a smart contract update).
References
[1] S. Morgan: Cybercrime Report: Cybercrime Damages will Cost the World 6 trillion Annually by 2021; August 2016, [Online] https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/,last visit February 2020.
[2] B. Rodrigues, M. F. Franco, G. Paranghi, B. Stiller: SEConomy: A Framework for the Economic Assessment of Cybersecurity; 16th International Conference on the Economics of Grids, Clouds, Systems, and Services (GECON 2019), Springer, Leeds, UK, pp. 1–9.
[3] Dan Burke: Cyber Insurance 101: What Cyber Insurance Covers; October 2019, [Online] https://woodruffsawyer.com/cyber-liability/cyber-101-insurance-coverage-2020/, last visit February 2020.
[4] AFP: Cyber Insurance Market to Double by 2020, Says Munich Re; September 2018, [Online] https://www.securityweek.com/cyber-insurance-market-double-2020-says-munich-re, last visit February 2020.
[5] R. Pal, L. Golubchik, K. Psounis, P. Hui: Will cyber-insurance improve network security? A market analysis; IEEE Conference on Computer Communications (INFOCOM 2014), Toronto, Canada, 2014, pp. 235-243.
[6] V. Gatteschi, F. Lamberti, Claudio Demartini, C. Pranteda, V. Santamaría: Blockchain and Smart Contracts for Insurance: Is the Technology Mature Enough?; MDPI Future Internet, Vol. 10, No. 2, February 2018, pp. 1-16, [Online] https://www.the-digital-insurer.com/wp-content/uploads/2018/07/1243-futureinternet-10-00020-v2-1.pdf, last visit February 2020.
[7] T. Lepoint, G. Ciocarlie, K. Eldefrawy: BlockCIS—A Blockchain-Based Cyber Insurance System; IEEE International Conference on Cloud Engineering (IC2E), Orlando, USA, 2018, pp. 378-384.