Security Pricing as an Enabler of Cyber-Insurance
Despite the promising potential of cyber-insurance to improve information security, deployment is relatively scarce. This paper explores a possible symbiotic relationship between security vendors capable of price differentiating their clients, and cyber-insurance agencies having possession of information related to the security investments of their clients. The goal of this relationship is to (i) allow security vendors to price differentiate their clients based on security investment information from insurance agencies, (ii) allow the vendors to make more profit than in homogeneous pricing settings, and (iii) subsequently transfer some of the extra profit to cyber-insurance agencies to make insurance services more viable. This theoretical study proposes novel and computationally efficient consumer differentiated pricing mechanisms.