Keywords:  Security Engineering and Design,

2022

Fairness in Cybersecurity Insurance Contract

Yoon Lee, PhD Candidate, Department of Industrial Engineering and Operations Research, UC Berkeley

A limitation of existing approaches for incentive design in cybersecurity insurance contracts (CIC) is that they do not incorporate fairness. Fairness is crucial for incentives because improper design can harm people of certain classes (e.g., race or gender). In this study, we develop optimization problems for CIC design that incorporate notions of fairness into the model. The technical difficulty is that existing definitions of fairness are specialized to statistics and not to CIC. Hence, we formulate quantitative notions of fairness in the settings of principal-agent models and cybersecurity. Our model is then evaluated by theoretically studying the properties of these new definitions and empirically verifying their external validity. We also explore these definitions from both game-theoretic and stochastic perspectives to ensure that these definitions satisfy qualitative properties consistent with fairness. In order to mitigate the risk when some quantifications of fairness do not satisfy all the desired qualities, we propose multiple quantitative definitions, which encapsulate the entire range of qualitative properties. Furthermore, we analyze numerical well-posedness of the quantitative definitions of fairness for CIC by examining whether optimization problems involving our novel definitions satisfy relaxed constraint qualification. To achieve this, we leverage techniques from variational analysis and optimization theory to study the mathematical structure of the constraints resulting from incorporating fairness.