Despite the promising potential of network risk management services (e.g.,cyber-insurance) to improve information security, their deployment isrelatively scarce, primarily due to such service companies being unable toguarantee profitability. As a novel approach to making cyber-insurance servicesmore viable, we explore a symbiotic relationship between security vendors(e.g., Symantec) capable of price differentiating their clients, andcyber-insurance agencies having possession of information related to thesecurity investments of their clients. The goal of this relationship is to (i)allow security vendors to price differentiate their clients based on securityinvestment information from insurance agencies, (ii) allow the vendors to makemore profit than in homogeneous pricing settings, and (iii) subsequentlytransfer some of the extra profit to cyber-insurance agencies to make insuranceservices more viable. \noindent In this paper, we perform a theoretical studyof a market for differentiated security product pricing, primarily with a viewto ensuring that security vendors (SVs) make more profit in the differentiatedpricing case as compared to the case of non-differentiated pricing. In order topractically realize such pricing markets, we propose novel and\emph{computationally efficient} consumer differentiated pricing mechanisms forSVs based on (i) the market structure, (ii) the communication network structureof SV consumers captured via a consumer's \emph{Bonacich centrality} in thenetwork, and (iii) security investment amounts made by SV consumers.
展开▼