Date Added: May 2009
This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In the model, a user's probability to incur damage (From being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, the authors consider cyber-insurers who cannot observe (And thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium.