Abstract
Insurance of digital assets is becoming an important way to reduce investment risk in modern businesses. GDPR and other legal initiatives make this need even more pressing, as an organization is now accountable for the use of its clients' data. In this paper, we present a cyber insurance framework called CyberSure. Its main contribution is the runtime integration of certification, risk management, and cyber insurance for cyber systems: the framework determines the current level of compliance with the acquired policies and provides early notifications of potential violations. CyberSure develops CUMULUS certification models for this purpose and, based on the automated (or semi-automated) certification carried out with them, derives ways of dynamically adjusting risk estimates, insurance policies, and premiums. In particular, it considers dynamic certification, based on continuous monitoring, dynamic testing, and hybrid combinations of the two, to adapt cyber insurance policies as the operating conditions of the cyber system evolve and new data become available for reassessing the associated risk. The applicability of the whole approach is demonstrated in the healthcare sector, by insuring an e-health software suite that an IT company provides to public and private hospitals in Greece. The overall approach can reduce security incidents and the related economic loss, because the beneficiary deploys adequate protection mechanisms whose proper operation is continually assessed, benefiting both the insured and the insurer.
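As an added illustration of the runtime loop the abstract describes (this is not code from the paper or from the CyberSure/CUMULUS implementation), the following Python sketch ties monitoring evidence for each policy control to a compliance score, early notifications, and a premium multiplier. The control names, weights, evidence-age thresholds, surcharge formula, and the sample event feed are all hypothetical assumptions made for the example.

```python
"""Runtime compliance monitoring feeding a risk/premium adjustment.

Illustrative model only (not CyberSure's code): every insured control must be
backed by fresh, passing monitoring evidence.  Stale, failed or missing evidence
lowers the compliance score and raises the premium multiplier; evidence that is
about to expire raises an early warning before it becomes a violation.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Control:
    name: str
    weight: float          # share of the compliance score this control carries
    max_age: timedelta     # how old the latest passing evidence may be


@dataclass(frozen=True)
class Evidence:
    control: str
    observed_at: datetime
    passed: bool


# Hypothetical policy: three controls whose weights sum to 1.0
POLICY = (
    Control("encryption_at_rest", 0.4, timedelta(days=7)),
    Control("patch_sla", 0.4, timedelta(days=14)),
    Control("backup_restore_test", 0.2, timedelta(days=30)),
)


def latest_evidence(events, control_name):
    """Most recent evidence record for a control, or None if there is none."""
    matching = [e for e in events if e.control == control_name]
    return max(matching, key=lambda e: e.observed_at) if matching else None


def control_status(ctrl, events, now):
    """Classify a control as compliant / expiring / stale / failed / missing."""
    ev = latest_evidence(events, ctrl.name)
    if ev is None:
        return "missing"
    if not ev.passed:
        return "failed"
    age = now - ev.observed_at
    if age > ctrl.max_age:
        return "stale"
    if age > ctrl.max_age * 0.75:      # assumed early-warning threshold: 75% of max age
        return "expiring"
    return "compliant"


def compliance_score(policy, events, now):
    """Weighted share of controls still backed by fresh passing evidence."""
    return sum(c.weight for c in policy
               if control_status(c, events, now) in ("compliant", "expiring"))


def notifications(policy, events, now):
    """Split controls into early warnings (expiring) and violations (everything else)."""
    warnings, violations = [], []
    for c in policy:
        status = control_status(c, events, now)
        if status == "expiring":
            warnings.append(c.name)
        elif status != "compliant":
            violations.append((c.name, status))
    return warnings, violations


def premium_multiplier(score, max_surcharge=0.5):
    """Assumed pricing rule: 1.0 at full compliance, 1 + max_surcharge at zero."""
    return round(1.0 + max_surcharge * (1.0 - score), 3)


# Constructed sample monitoring feed (not real data)
NOW = datetime(2019, 6, 1, 12, 0)
SAMPLE_EVENTS = [
    Evidence("encryption_at_rest", NOW - timedelta(days=6), True),    # 6 of 7 days used: expiring
    Evidence("patch_sla", NOW - timedelta(days=20), True),            # superseded by the record below
    Evidence("patch_sla", NOW - timedelta(days=2), False),            # latest check failed: violation
    Evidence("backup_restore_test", NOW - timedelta(days=10), True),  # fresh and passing
]


def report(events=SAMPLE_EVENTS, now=NOW, policy=POLICY):
    """One evaluation cycle: score, notifications and resulting premium multiplier."""
    score = compliance_score(policy, events, now)
    warnings, violations = notifications(policy, events, now)
    return {"score": score, "warnings": warnings,
            "violations": violations, "premium_multiplier": premium_multiplier(score)}


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

Run periodically, the same cycle turns the monitoring feed into the two outputs the abstract names: an early notification while evidence is still valid but ageing, and a premium adjustment once a control has actually lapsed.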
Notes
1. ENISA – Incident report: https://www.enisa.europa.eu/topics/incident-reporting.
2. US-CERT – National cyber incident response plan: https://www.us-cert.gov/sites/default/files/ncirp/National_Cyber_Incident_Response_Plan.pdf.
3. CeHA’s ISC-M software suite: https://www.ics.forth.gr/ceha/FlipbookV1/CeHA.pdf.
4. EuroRec: www.eurorec.org.
5.
6. NESSOS: http://www.nessos-project.eu/.
7. HDI tool: https://www.hellasdirect.gr/en/.
Acknowledgements
This work has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreements No. 786890 (THREAT-ARREST) and No. 830927 (CONCORDIA), and from the Marie Skłodowska-Curie grant agreement No. 734815 (CyberSure).
© 2020 Springer Nature Switzerland AG
Cite this paper
Hatzivasilis, G. et al. (2020). Towards the Insurance of Healthcare Systems. In: Fournaris, A., et al. (eds) Computer Security. IOSEC MSTEC FINSEC 2019. Lecture Notes in Computer Science, vol 11981. Springer, Cham. https://doi.org/10.1007/978-3-030-42051-2_13
DOI: https://doi.org/10.1007/978-3-030-42051-2_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42050-5
Online ISBN: 978-3-030-42051-2
eBook Packages: Computer Science (R0)