Abstract: To evaluate the overall effectiveness of enterprise cybersecurity protection after introducing risk transfer measures, this paper established a small world network to simulate the enterprise information environment, and introduced heterogeneous nodes to extend the traditional Susceptible Impacted Susceptible (SIS) model. It comprehensively considered the inherent value, connection attributes, and infection probability of nodes to optimize risk control strategies. By comparing the overall benefits of enterprises before and after purchasing cybersecurity insurance, the paper verified the practical effect of cost reduction and efficiency improvement of cybersecurity insurance tools, could provide theoretical basis and quantitative tools for enterprises to make risk decisions in complex network environments.