Building Resilience in Cybersecurity -- An Artificial Lab Approach

TL;DR

This paper introduces an artificial cyber lab based on contagion models to test cybersecurity resilience measures, providing insights into systemic risk control and implications for insurance and regulation practices.

Contribution

It presents a novel digital twin framework for simulating cyber systems and testing resilience measures, linking systemic risk management with insurance and regulatory strategies.

Findings

Identification of security- and topology-based interventions for risk control

Implications for insurance practices and systemic risk measurement

Initial proposals for systemic cyber risk obligations

Abstract

Based on classical contagion models we introduce an artificial cyber lab: the digital twin of a complex cyber system in which possible cyber resilience measures may be implemented and tested. Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide a brief overview of the current cybersecurity regulation and emphasize the role of insurance companies as private regulators. Moreover, from an insurance point of view, we provide first attempts to design systemic cyber risk obligations and to measure the systemic risk contribution of individual policyholders.