A Stochastic Gordon–Loeb Framework for Outcome-Based Cyber Insurance
1  Department of Human Science, Link Campus University, via del casale di San Pio V, 00165, Rome, Italy
2  Department of Economics, Roma Tre University, Via Silvio D'Amico 77, 00145, Rome, Italy
Academic Editor: Corina Constantinescu

Published: 01 July 2026 by MDPI in The 1st International Online Conference on Risks session Actuarial Science
Abstract:

Introduction
Cyber insurance markets are fertile ground for outcome-based contracts (OBCs), in which premiums depend on observable security performance. While these contracts aim to align incentives between policyholders and insurance companies, they also introduce additional solvency risk due to the stochastic interaction between security investments, loss frequency, and premium variability. Therefore, we propose a stochastic framework to model the trade-off between policyholders' security investments and insurer liability and to assess the solvency implications of performance-related pricing in cyber insurance.

Methods
We extend a stochastic Gordon–Loeb framework with aggregate losses dependent on the stochastic breach probability determined by security investments. The policyholder's investment dynamics are modeled as an exogenous mean-reverting diffusion, which captures operational uncertainty. The insurance company offers a premium adjustment based on expected outcomes, linked to vulnerability over the contractual horizon. The insurance company's profit and loss distribution is derived by combining the frequency of stochastic attacks, their severity, vulnerability dynamics, and performance-related premium variability. This also allows the effects on capital requirements to be assessed.

Expected Results
The model reveals a nonlinear relationship between incentive intensity and capital requirements. Performance-based pricing reduces expected losses but increases profit volatility due to premium variability. The net solvency effect depends on the covariance between aggregate losses and vulnerability-based premium adjustments. An optimal incentive intensity emerges that minimizes required capital while preserving risk mitigation benefits.

Conclusions
Outcome-based cyber insurance contracts create a measurable trade-off between security investment incentives and the insurer's solvency risk. The proposed framework enables dynamic performance-based pricing, consistent with risk-sensitive capital valuation, providing a quantitative basis for prudentially sound cyber OBC design.

Keywords: cyber insurance; Gordon–Loeb; stochastic modeling; solvency capital requirement