Modeling the Effect of Spending on Cyber Security by Using Surplus Process

<table class="table-group" id="tab1"><tr><td><table class="table"><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr class="thead"><td class="align_left">Notation</td><td class="align_center">Traditional ruin theory</td><td class="align_center">Apply to cyber security changes</td></tr><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr><td class="align_left"><span style="width: 12.4056ptpx;"><svg height="11.927pt" id="M75" style="vertical-align:-3.291101pt" version="1.1" viewbox="-0.0498162 -8.6359 12.4056 11.927" width="12.4056pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M715 650H476L470 622C550 619 562 610 562 570C562 536 553 481 535 384L523 321C485 121 408 37 283 37C178 37 99 109 134 297L178 532C193 612 199 616 278 622L284 650H29L23 622C105 616 109 609 94 532L48 291C23 160 51 83 98 40C143 -1 202 -16 260 -16C321 -16 387 3 439 49C509 111 542 204 563 312L577 384C595 479 608 533 619 569C629 603 637 620 709 622L715 650Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,8.606,3.132)"><path d="M329 433H203L239 587L230 596L147 534L123 433H57L30 395L34 388H115L61 129C37 16 59 -12 85 -12C147 -12 222 58 260 98L241 125C212 95 160 62 144 62C132 62 127 71 138 126L192 386L305 394L329 433Z"></path></g></svg></span></td><td class="align_center">Insurer’s surplus level</td><td class="align_center">Company’s cyber security level</td></tr><tr><td class="align_left"><span style="width: 7.11985ptpx;"><svg height="6.1673pt" id="M76" style="vertical-align:-0.2063904pt" version="1.1" viewbox="-0.0498162 -5.96091 7.11985 6.1673" width="7.11985pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M515 96L502 119C471 88 431 62 423 62C416 62 411 70 417 101C440 223 469 341 497 448H486L412 422L380 277C330 188 210 57 152 57C137 57 126 69 139 124L195 366C210 431 205 448 182 448C155 448 89 413 23 350L36 326C73 354 103 376 112 376C118 376 118 365 113 340L61 118C54 90 52 68 52 51C52 0 75 -12 98 -12S151 -3 181 17C242 58 305 119 362 193H364L345 104C323 3 339 -12 359 -12C390 -12 464 35 515 96Z"></path></g></svg></span></td><td class="align_center">Initial surplus level</td><td class="align_center">Initial level of cyber security</td></tr><tr><td class="align_left"><span style="width: 5.39742ptpx;"><svg height="6.1673pt" id="M77" style="vertical-align:-0.2063904pt" version="1.1" viewbox="-0.0498162 -5.96091 5.39742 6.1673" width="5.39742pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M383 397C383 424 344 448 299 448C244 448 172 409 132 375C66 319 23 227 23 146C23 42 74 -12 146 -12C208 -12 298 30 359 103L343 124C315 95 248 48 192 48C145 48 111 85 111 163C111 228 129 294 151 330C171 363 201 401 241 401C275 401 302 384 325 356C332 347 339 344 348 348C373 360 383 381 383 397Z"></path></g></svg></span></td><td class="align_center">Continuous premium income</td><td class="align_center">Continuous cyber security development derived from cyber security investment</td></tr><tr><td class="align_left"><span style="width: 13.867ptpx;"><svg height="11.927pt" id="M78" style="vertical-align:-3.291101pt" version="1.1" viewbox="-0.0498162 -8.6359 13.867 11.927" width="13.867pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M822 650H589L583 622C660 617 677 607 674 561C672 534 664 481 647 390L600 137H596L273 650H126L120 622C176 620 194 615 207 594C221 571 225 557 214 504L161 257C141 166 129 112 121 85C108 42 83 30 29 28L23 0H260L266 28C193 33 173 42 176 89C178 122 186 172 202 255L256 527H259L583 -8H612L690 390C708 481 720 535 728 558C744 603 756 619 816 622L822 650Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,10.062,3.132)"><path d="M329 433H203L239 587L230 596L147 534L123 433H57L30 395L34 388H115L61 129C37 16 59 -12 85 -12C147 -12 222 58 260 98L241 125C212 95 160 62 144 62C132 62 127 71 138 126L192 386L305 394L329 433Z"></path></g></svg></span></td><td class="align_center">Counting process of the number of claims</td><td class="align_center">Counting process of the number of cyber attacks</td></tr><tr><td class="align_left"><span style="width: 13.0724ptpx;"><svg height="11.927pt" id="M79" style="vertical-align:-3.291101pt" version="1.1" viewbox="-0.0498162 -8.6359 13.0724 11.927" width="13.0724pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M748 650H522L515 622L546 617C580 611 587 604 565 575C518 513 469 451 419 393C376 474 349 534 330 580C318 609 325 612 361 618L383 622L392 650H151L144 622C214 616 224 612 257 543L360 327C270 218 187 124 159 95C106 40 92 34 26 28L17 0H252L259 28L236 31C189 37 188 47 209 78C249 136 308 210 377 294L478 79C494 44 487 37 449 32L418 28L409 0H673L680 28C596 34 591 39 554 116L436 361C526 469 574 521 604 553C659 612 669 614 739 622L748 650Z"></path></g><g transform="matrix(.0091,0,0,-0.0091,9.88,3.132)"><path d="M250 606C250 634 233 656 203 656C168 656 146 618 146 593C146 564 169 545 192 545C227 545 250 573 250 606ZM227 95L212 119C187 98 152 71 135 71C129 71 128 78 134 102L207 373C219 418 217 451 194 451C165 451 92 411 30 351L44 326C77 353 106 371 114 371C124 371 121 357 117 341L55 97C32 5 46 -12 70 -12C108 -12 191 51 227 95Z"></path></g></svg></span></td><td class="align_center">Insurance claims</td><td class="align_center">Damage to security level caused by the attacks</td></tr><tr><td class="align_left">Ruin event</td><td class="align_center">Insolvency</td><td class="align_center">Cyber breach</td></tr><tr class="table-tr"><td colspan="3"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Traditional ruin theory and the proposed application on cyber security level modeling.</div>

Mathematical Problems in Engineering

tab1

Table 1

Table 1: Modeling the Effect of Spending on Cyber Security by Using Surplus Process 