Macquarie University
01whole.pdf (1.29 MB)

AI-enabled cyber insurance platform for small businesses

Download (1.29 MB)
posted on 2022-08-17, 01:59 authored by Ashkan Yousefi

This research reviews the potential problems for establishing a marketplace to benefit small business owners, cybersecurity providers, and insurance companies. The Cyber insurance system will benefit all the players and participants in the cyber insurance system as each stakeholder will be better-off comparing to their pre-participation state. As an example, the insurance underwriter can serve more clients; the third-party cybersecurity provider can also serve more clients. Finally, the cyber insurance platform customers also can get benefits by reducing their cyber risk and the possibility of generating greater revenue from online sales. One of the significant issues with cyber insurance is the lack of historical information for past events. The data for the past cyberattacks and the financial consequences of these attacks are not available through large data sets such as traditional insurance categories. As a result, innovative approaches are needed for the insurance underwriting procedure. One of the tools that can be used to mitigate the lack of historical data availability is dynamic underwriting for cyber insurance. To address the problems discussed above, this research presents a system powered by artificial intelligence and blockchain to collect the clients' necessary data for underwriting purposes. The system intelligently analyzes the collected data and provides smart recommendations for the actions required to minimize the insurance premium. Besides, the developed system offers an immutable tool to continuously monitor the insured client's risk and sends notifications to the client and the insurance company to adjust the premium according to the risk. The monitoring tool will help the smart underwriting procedure to be completed more accurately compared to the traditional methods of underwriting. Besides, the developed system provides a mechanism for third-party cybersecurity providers to offer their post-attack services to the insured clients. Some of the possible services to offer are ransomware negotiations, post-attack data recovery, legal services for potential lawsuits, etc. The auditors can also use the system for the required compliance checks that are needed by the regulators. The developed system consists of three major parts, including dynamic risk monitoring for the customers. The dynamic risk monitoring will help the clients to get optimized insurance premiums and optimized underwriting for their needs. The second major part is related to an intelligent recommended engine that suggests the products and services that can reduce the client cyber risk even further, and premium adjustment also can be offered because of recommended cyber risk mitigations. The final part relates to the security agent, which will be installed on the client's side to monitor any possible cyber risk anomaly. The completed research and the developed platform will help small and medium-sized businesses to have an ability to manage their cyber risk and be able to increase their online presence with a manageable risk level.


Table of Contents

1. Introduction -- 2. Literature review -- 3. Research survey -- 4. System interface design -- 5. System back end design -- 6. Conclusion -- References


A thesis submitted to Macquarie University for the degree of Master of Research

Awarding Institution

Macquarie University

Degree Type

Thesis MRes


Thesis (MRes), Macquarie University, Faculty of Science and Engineering, 2020

Department, Centre or School

Department of Computing

Year of Award


Principal Supervisor

Mehmet Orgun


Copyright: Ashkan Yousefi Copyright disclaimer:




63 pages

Usage metrics

    Macquarie University Theses


    Ref. manager