Based on classical contagion models, we introduce an artificial cyber lab: the digital twin of a complex cyber system in which possible cyber resilience measures may be implemented and tested. Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security-based and topology-based interventions. We discuss the implications of our findings for selected real-world cybersecurity measures that are currently applied in insurance and regulatory practice or are under discussion for future cyber risk control. To this end, we provide a brief overview of current cybersecurity regulation and emphasize the role of insurance companies as private regulators. Moreover, from an insurance point of view, we provide first attempts to design systemic cyber risk obligations and to measure the systemic risk contribution of individual policyholders.