Date Added: Feb 2012
Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, according to security experts, such software (and their subsequent advancements) will not completely eliminate risk. Recent research efforts have considered the problem of residual risk elimination by proposing the idea of cyber-insurance. In this regard, an important research problem is resolving information asymmetry issues associated with cyberinsurance contracts. In this paper, the authors propose three mechanisms to resolve information asymmetry in cyber-insurance.