Threat models for cyber insurance

About the project
This research project aims to design a threat modelling and attack simulation language, insuranceLang, for cyber insurance. Testing and validating the domain-specific language will be done using data from the insurance industry. Cyber insurance is fairly new, and the models used for it are simplistic and highly generalized. One reason for this is the lack of relevant historical data on insured losses. As a consequence, cyber insurance is probably not used optimally. In particular, appropriate insurance coverage cannot be offered to some industries because their risks cannot be assessed.

Background
Society is getting more digitalized. This entails great opportunities, but also novel cyber risks which can be difficult to assess. An adequate understanding of cyber risk is crucial since cybersecurity is a prerequisite for successful industrial transformation and digitalization. Thus, there is great potential for overcoming some of these cyber insurance challenges. More precisely, the use of attack simulations based on system architecture (threat) models is a promising avenue for analyzing the cybersecurity posture of a system. If such analyses were to become more widely used by insurers, that could enable more precise risk assessment, a better understanding of risk-reducing measures, and insights into risks that have been uninsurable until now.

Cross-disciplinary collaboration
The researchers in the team represent the School of Electrical Engineering & Computer Science, KTH and the Division of Digital Systems, RISE.

Contacts

Robert Lagerström

Associate professor, School of Electrical Engineering & Computer Science, KTH

+46 8 790 68 66
robertl@kth.se

Ulrik Franke

Senior researcher, Division of Digital Systems, RISE

+46 72 549 92 64
ulrik.franke@ri.se