《保险研究》20190606-《相依风险下保险公司投资信息安全软件的最优决策分析》（董坤祥、谢宗晓、甄杰、林润辉）

［摘   要］网络信息安全保险已经成为企业转移安全风险的最主要工具之一,为了探索保险公司主动参与风险防范对网络安全水平的影响,本文设计了网络信息安全保险公司对被保险企业安全软件投资的均等、最重要和按比例三种策略机制,研究在强相依和弱相依的信息安全风险下保险公司在简单情形和复杂情形中的不同投资决策机制,及其对系统效用和风险的影响。研究结果表明,在保险公司投资被保险企业安全软件的三种投资策略下,相比被保险企业不购买保险,被保险企业购买保险可以显著地提高期望效用,并且整个系统的网络安全水平逐渐提高,但是整个系统的期望收益随着保险公司投资额的增加而降低。此外,在简单情形中,保险公司在不同的投资策略下存在不同的最优投资决策,且在均等投资策略和弱相依风险下系统各主体效用和风险水平均最高；在复杂情形中,在弱相依风险和最重要投资策略下整个系统具有较高的期望和较低的风险水平,说明复杂情形的网络信息安全保险系统存在涓滴效应。

［关键词］网络信息安全保险；相依风险；软件投资；最优决策

［基金项目］本文获国家社科基金青年项目“强制性标准下企业信息安全外包与保险决策的协同机制及风险控制研究”(项目编号:17CGL019)的资助。

［作者简介］董坤祥,山东财经大学管理科学与工程学院讲师,研究方向:信息安全保险;谢宗晓(通讯作者),中国金融认证中心高级工程师,研究方向:信息安全管理;甄杰,重庆工商大学商务策划学院讲师,研究方向:信息安全治理;林润辉,南开大学商学院教授,研究方向:公司治理,E-mail:dkxgood@163.com。

Optimal Decision Analysis of Insurance Company Investment Information Security Software under Dependent Risk

DONG Kun-xiang,XIE Zong-xiao,ZHEN Jie,LIN Run-hui

Abstract：Cyber insurance has become one of the most important tools for enterprises to transfer security risks.In order to explore the impact of insurance companies′ active participation in risk prevention on cyber security level,this paper designed the equal,most important and proportional strategic mechanisms according to the cyber insurance company′s investment in security software for insured enterprises in order to study the different investment decision-making mechanisms of insurance companies in simple and complex situations under strong and weak dependent information security risks,and their impacts on system utility and risk.The research results show that under the three investment strategies of insurance companies investing in insured enterprise’s security software,compared with the scenario that the insured company does not purchase insurance,the expected utility of the insured company is significantly improved and the cyber security level of the whole system is gradually improved.However,the expected return of the entire system decreases as the amount of investment by the insurance company increases.In addition,in the simple case,the insurance company has different optimal investment decisions under different investment strategies,and the system utility and risk level are the highest under the equal investment strategy and weak dependent risk;in the complex case,under the weak dependent risk and the most important investment strategy,the whole system has higher expectations and lower risk levels,indicating that the cyber security system under complex situations has a trickle-down effect.

Key words：cyber insurance;dependent risk;software investment;optimal decision