1 Introduction

Internet security is one of the major sources of concern in today’s interconnected world. Fraud, cyber-attacks, and the influence of malicious software (or malware) on the World Wide Web and its plethora of overlying and underlying networks create significant economic, social, and political damages. In finance, security investment can be seen as a financial institution’s decision to hold higher capital. Higher capital comes, of course, at a cost but has a benefit on the entire financial system because losses are absorbed. Otherwise, a firm’s failure can translate into bankruptcy costs, and losses are imposed on other firms. As the financial crisis has highlighted, systemic risk is one of the most important risks in financial systems, with potential spillovers to the real economy. Investment in capital and liquidity has been mandated in various forms by financial regulators in the aftermath of the crisis.

Security investment is by no means specific to communication networks or to economic, information, or financial exchanges. In the current Covid-19 health emergency, the self-isolation decision played an important role in network vulnerability. Mitigating epidemic spreading and COVID-19 [1, 12, 26] can be seen as a variant of security investment when security investment is replaced by self-isolation decisions. However, the epidemic models in such applications are more realistically based on the Susceptible-Infected-Recovered (SIR) model for non-directed graphs.

In this paper, we propose a general framework in which a directed network of interconnected agents is subject to contagion risks and potential loss. We study the asymptotic Nash equilibrium and socially optimal security investments in a random directed network with fixed degrees. The structure of the networks plays an important role in the resilience of the network and impacts the decisions of different network players. We demonstrate how an agent’s decision on their security level might depend on the decisions of other agents in the network. In particular, agents who decide not to invest in self-protection also put other network participants at contagion risk.

The independent threshold model with security profiles that we introduce generalizes several contagion models in the literature, particularly the independent cascade model and the linear threshold model. We state several limit theorems on the final size of infected agents in the case of random networks with fixed degrees, for finite and infinite variance degree distributions. The results allow us to derive resilience conditions for the network in response to small initial shocks.

We characterize the asymptotic Nash equilibrium and socially optimal security investment. In the asymptotic limit, agents’ risk depends on all other agents’ investments through an aggregate quantity, which we call network vulnerability, and which captures how risky an unknown counterparty is. Based on our results, the vulnerability is semi-analytic, allowing for a tractable Nash equilibrium.

We provide sufficient conditions for investment in equilibrium to be monotone in network vulnerability. When investment is monotone, we demonstrate that the asymptotic Nash equilibrium is unique. For the case of random regular graphs and core-periphery network models, the social optimum is explicit, and we theoretically guarantee that individual decisions will result in underinvestment compared to the social optimum. In the particular example of two types of agents, called core and periphery agents, we exhibit a strong effect of cost heterogeneity and, in particular, non-monotonous investment as a function of costs.

Related literature

Limiting contagion risk requires new analytical and computational tools. Extensive research in this area focuses on the spread of epidemics over different network structures. For example, see [14, 18, 21, 24, 32, 42] for SIR epidemics in random networks and [6, 37, 39, 41, 46] for threshold contagion models in random networks.

Another related strand of literature is on default cascades and systemic risk in random financial networks, see e.g., [5, 8, 11, 13, 17, 23, 25]. In particular, in [7], the authors study financial contagion on configuration model and derive a criterion for the resilience of a financial network to insolvency contagion, based on connectivity and the structure of contagious links (i.e., those exposures of a bank larger than its capital).

There is an emerging literature on the economics of (information) security and the management of systemic cyber risk, see e.g., [2, 29, 40, 48]. In [29], the authors consider a simple one-period economic model for a single agent decision characterized by two parameters: \(\ell \in {\mathbb {R}}_+\) for the monetary loss and \(v\in [0,1]\) called vulnerability, representing the probability that without additional security investment, the agent becomes infected and the loss \(\ell \) occurs. The agent can invest the amount x at time 0 to reduce the probability of infection (loss) to p(xv). Assuming the agent is risk-neutral, her optimal security investment would be the value \(x_*=x_*(v,\ell )\) minimizing

$$\begin{aligned} x_*(v,\ell )=\arg \min \{x+\ell p(x,v): x\ge 0\}. \end{aligned}$$

Note that the fixed point solution(s) \(x_(v,\ell )\) does not need to be non-decreasing in \((v,\ell )\). For instance, [29] consider the following example: \(p(x,v)=v^{\alpha x+1}\), where \(\alpha >0\) is a productivity measure parameter for information security. A sufficient condition for monotone investment is given in [38]: Assume that p(xv) is twice continuously differentiable on \({\mathbb {R}}_+\times [0,1]\), non-increasing in x and \(\frac{\partial ^2 p}{\partial x \partial v}(x,v) \le 0,\) then the function \((v,\ell ) \rightarrow x_*(v,\ell )\) is non-decreasing in \((v,\ell )\). In this case, the security investment decision is simpler since there is an augmenting return on investment with vulnerability.

We extend the existing literature in several ways: we generalize the contagion model, allow for network heterogeneity and multiple security levels, and treat the directed network case. When investment is monotone, we show that the Nash equilibrium is unique. In the case of two types of core-periphery agents, we exhibit the strong effect of cost heterogeneity on network vulnerability and the non-monotonic investment as a function of costs.

Outline The paper is structured as follows. Section 2 provides two motivating examples for the optimal security investment game. In Sect. 3, we present our general framework for the study of contagion risks in random networks. We also state our main results on the asymptotic magnitude of contagion and resilience of large networks to small initial shocks in Sect. 3. In Sect. 4, we consider the network security game and provide a sufficient condition for the uniqueness of the equilibrium. In Sect. 5, we give a more detailed analysis of the particular case when there are two security classes, and investment in security provides strong protection. For the case of random regular graphs and core-periphery network modes, the social optimum is explicit, and we theoretically guarantee that the individual decision will be to underinvest compared to the social optimum. Section 6 concludes, and Appendix A contains all the proofs.

Notations We let \({\mathbb {N}}\) be the set of non-negative integers. For non-negative sequences \(x_n\) and \(y_n\), we write \(x_n = O(y_n)\) if there exist \(N \in {\mathbb {N}}\) and \(c > 0\) such that \(x_n \le c y_n\) for all \(n \ge N\), and \(x_n = o(y_n)\) (or \(x_n \ll y_n\)), if \(x_n/ y_n \rightarrow 0\), as \(n \rightarrow \infty \). Let \(\{ X_n \}_{n \in {\mathbb {N}}}\) be a sequence of real-valued random variables on a probability space \( (\Omega , {\mathbb {P}})\). If \(c \in {\mathbb {R}}\) is a constant, we write \(X_n {\mathop {\longrightarrow }\limits ^{p}} c\) to denote that \(X_n\) converges in probability to c. That is, for any \(\epsilon >0\), we have \({\mathbb {P}} (|X_n - c|>\epsilon ) \rightarrow 0\) as \(n \rightarrow \infty \). Let \(\{ a_n \}_{n \in {\mathbb {N}}}\) be a sequence of real numbers that tends to infinity as \(n \rightarrow \infty \). We write \(X_n = o_p (a_n)\), if \(|X_n|/a_n\) converges to 0 in probability. Additionally, we write \(X_n = O_p (a_n)\), to denote that for any positive sequence \(\omega (n) \rightarrow \infty \), we have \({\mathbb {P}} (|X_n|/a_n \ge \omega (n)) = o(1)\). If \({\mathcal {E}}_n\) is a measurable subset of \(\Omega \), for any \(n \in {\mathbb {N}}\), we say that the sequence \(\{ {\mathcal {E}}_n \}_{n \in {\mathbb {N}}}\) occurs with high probability (w.h.p.) if \({\mathbb {P}} ({\mathcal {E}}_n) = 1-o(1)\), as \(n\rightarrow \infty \). Also, we denote by \(\textsf{Bin}(k,p)\) a binomial distribution corresponding to the number of successes of a sequence of k independent Bernoulli trials each having probability of success p. We will suppress the dependence of parameters on the size of the network n, if it is clear from the context.

2 Preliminaries

To illustrate the basic intuition in a simpler framework, this section provides two motivating examples for the network security game. First, the case of two agents is considered, followed by a simplified contagion process in the form of a contact process on infinite regular trees.

2.1 Optimal security investment for two agents

We first look at the optimal security investment game in the case of two agents \({\mathcal {A}}=\{1,2\}\) sharing two links (\(1\rightarrow 2\) and \(2\rightarrow 1\)). Assume that each agent has two security choices \({\mathcal {S}}=\{0,1\}\): \(s_i=1\) if the agent i invests in strong security (in this case, she never gets infected) and \(s_i=0\) if the agent i does not invest in security and is subject to epidemic risk.

Table 1 summarizes the expected costs to the agents for the four possible outcomes: \(\ell _i\) is the loss in case agent i becomes infected, and \(C=C_1\) is the cost of investing in security (level 1). If agent i does not invest in security, there is a probability \(\alpha _i\) that they become infected directly. On the other hand, \(\beta _i\) denotes the probability of indirect contagion from the other agent. Let us make the example even simpler and assume that only direct loss can be avoided by investing in security.

Table 1 Expected costs associated with investing and not investing in security
Full size table

We observe that investing in security is a dominant strategy for agent 1 if \(C < \alpha _1 \ell _1 \) and

$$\begin{aligned} C+\alpha _2\beta _1\ell _1< (\alpha _1 + (1-\alpha _1)\alpha _2 \beta _1) \ell _1 \Longrightarrow C < \alpha _1(1-\alpha _2 \beta _1)\ell _1. \end{aligned}$$

Similarly, investing in security is a dominant strategy for agent 2 if \(C < \alpha _2 \ell _2\) and

$$\begin{aligned} C+\alpha _1\beta _2\ell _2< (\alpha _2 + (1-\alpha _2)\alpha _1 \beta _2) \ell _2 \Longrightarrow C < \alpha _2(1-\alpha _1 \beta _2)\ell _2. \end{aligned}$$

We conclude that if

$$\begin{aligned} C <\min \left\{ \alpha _1(1-\alpha _2 \beta _1)\ell _1, \alpha _2(1-\alpha _1 \beta _2)\ell _2\right\} , \end{aligned}$$

then both agents will invest in self-protection, while if

$$\begin{aligned} C > \max \left\{ \alpha _1\ell _1,\alpha _2\ell _2\right\} , \end{aligned}$$

then neither agent will want to invest in self-protection. In the case

$$\begin{aligned} \max \left\{ \alpha _1(1-\alpha _2 \beta _1)\ell _1, \alpha _2(1-\alpha _1 \beta _2)\ell _2\right\}<C<\min \{\alpha _1\ell _1,\alpha _2\ell _2\}, \end{aligned}$$

there are two Nash equilibria, (0,0) and (1,1), and the solution to this game is indeterminate. In other cases, the agent with higher loss will invest in security, while the agent with lower loss will prefer not to invest.

2.2 Contact process on infinite regular trees

We now consider a set of infinitely many agents placed over an infinite directed regular tree with the same in-degree (denoted by \(d^+\)) and out-degree (denoted by \(d^-\)) satisfying \(d^+=d^-=d\). Let \({\mathcal {S}}=\{0,1, \dots , K\}\) be a finite ensemble of all possible security strategies for each agent, and, \(\beta _0>\beta _1> \dots > \beta _K\) be the infection probabilities over each directed edge depending on the security investment of the host agent. Further, let \( \alpha _0 \ge \alpha _1\ge \dots \ge \alpha _K\) denote the initial exogenous infection probabilities.

Let \(\gamma _0, \gamma _1, \dots , \gamma _K \in [0,1]\) with \(\gamma _0 + \gamma _1 + \dots + \gamma _K = 1\) be the fraction (probability) of agents invested in each security class. A simple argument shows that

$$\begin{aligned} g_s (x) := 1-(1-\alpha _s)\left( 1-\beta _sx\right) ^d \end{aligned}$$

is the probability that an agent invested in security class \(s\in {\mathcal {S}}\) ever gets infected assuming each of its incoming neighbors are infected with probability x.

Assume that each agent i faces a fixed potential loss \(\ell _i\) in case they become infected. Investing in a higher security class decreases the infection probability but increases the cost. Let \(C_s\) denote the cost of investing in security level s. So we can write the loss function for agent i investing in security class \(s\in {\mathcal {S}}\) as

$$\begin{aligned} J_i(s,\gamma )=\ell _i g_s(x_*^\gamma )+C_s, \end{aligned}$$

where (by a simple recursive argument) \(x_*^\gamma \) is the solution in [0,1] to the fixed point equation

$$\begin{aligned} x= \Phi ^{\gamma }(x):=\sum _{s\in {\mathcal {S}}} \gamma _s g_s(x). \end{aligned}$$

Note that \(\Phi ^{\gamma }(0)\ge 0, \Phi ^{\gamma }(1)\le 1\) and \(\Phi ^{\gamma }(x)\) is a strictly increasing function of x. Hence, in this case the fixed point solution is unique.

We call \(x_*^\gamma \) the global network vulnerability parameter as it represents the fraction of infected links in the network. Obviously, this parameter also depends on the agents security strategies through \(\gamma _0, \gamma _1, \dots , \gamma _K\). In order to find out these quantities in equilibrium, let us denote by \(\delta _s(x)\) the infection probability variation between security level s and \(s-1\), i.e.,

$$\begin{aligned} \delta _s(x) := g_{s-1}(x) - g_{s}(x) = (1-\alpha _s)\left( 1-\beta _sx\right) ^d - (1-\alpha _{s-1})\left( 1-\beta _{s-1}x\right) ^d > 0, \end{aligned}$$

so that each agent i prefers security class s over \(s-1\) if and only if

$$\begin{aligned} \ell _i> \ell _s(x) := \frac{C_s - C_{s-1}}{ \delta _s(x)}. \end{aligned}$$

As we will see later in Sect. 4, we will assume that the cost function is such that

$$\begin{aligned} \ell _1(x) \le \ell _2(x) \le \dots \le \ell _K(x), \end{aligned}$$

for all \(x\in [0,1]\). Indeed, if \(\ell _{s+1}(x)<\ell _{s}(x)\), the agent who believes in vulnerability x will never invest in security class s for any loss \(\ell \): If \(\ell < \ell _s(x)\), the agent prefers \(s-1\) over s, and if \(\ell \ge \ell _s(x) > \ell _{s+1}(x)\), the agent prefers security \(s+1\) over s. In particular, the condition will be satisfied if \(g_s(x)\) and \(C_s\) are both (discrete) convex functions of s:

$$\begin{aligned} C_{s+1}+C_{s-1} \ge 2C_s, \ \ \text {and} \ \ g_{s+1}(x)+g_{s-1}(x) \ge 2g_s(x), \end{aligned}$$

since in this case \(\delta _s(x)=g_{s-1}(x)-g_s(x)\) will be a decreasing function of s.

Consider now a strictly increasing continuous loss distribution function F. Consequently, it yields that the fraction \(\gamma _e^{(s)}\) of agents investing in security s in equilibrium satisfies

$$\begin{aligned} \gamma _e^{(s)} = F (\ell _{s+1} (x_*^{\gamma _e})) - F (\ell _{s} (x_*^{\gamma _e})), \end{aligned}$$

where \(x_*^{\gamma _e}\) is the unique solution to the fixed point equation \(x=\Phi ^{\gamma _e}(x)\):

$$\begin{aligned} x=\sum _{s\in {\mathcal {S}}} \gamma _e^{(s)} g_s(x), \end{aligned}$$

and, we set \(\ell _{K+1}(x)=\infty , F(\ell _{K+1}(x))=1\) and \(F(\ell _{0}(x))=0\). We will come back to this example later in Sect. 5.2 and investigate how the social optimum security strategies differ from the individual decisions.

3 Independent threshold model with security profiles

In this section, we provide our general framework for the study of contagion risks in random networks and state our main results on the asymptotic magnitude of contagion. We will also provide a resilience condition for the large network to small initial shocks and show how the bailout and intervention by a planner (government) could change the results and make the network more resilient. These results are prerequisites for the analysis of the security game in the next section.

3.1 Contagion risk model

Consider a directed graph \(G=(V,E)\) where \(V=[n]:=\{1,2, \dots ,n\}\) is the set of n vertices (agents). We study the independent threshold model with security investment, in which a vertex’s threshold is drawn independently from a distribution which depends on the vertex’s degrees and its security investment. More precisely, we consider a finite ensemble of security classes \({\mathcal {S}}\). We use the notations \(\textbf{s} = (s_1, s_2, \dots , s_n)\) and \(\textbf{s}_{-i} = (s_1, \dots , s_{i-1},s_{i+1}, \dots , s_n)\) to denote the security profiles of all agents and all agents other than i respectively.

The contagion process under the threshold model is a diffusion process that starts with a set \({\mathcal {I}}_0^{({\textbf{s}})} \subseteq V\) consisting of initially infected vertices, while every other vertex is uninfected. For each vertex \(i \in V\) with security level \(s\in {\mathcal {S}}\), we assign a (random) threshold \(\Theta _i^{(s)} \in {\mathbb {N}}\) representing its capacity to resist infection from incoming neighbors. We denote by \(p^{(s)}(d^+,d^-, \theta )\) the probability that a vertex with in-degree \(d^+\), out-degree \(d^-\) and investing in security class s becomes infected after (exactly) \(\theta \) of its incoming neighbors are infected:

$$\begin{aligned} p^{(s)}(d^+,d^-, \theta ):= {\mathbb {P}}(\Theta _i^{(s)} = \theta ), \end{aligned}$$

for agent i with degrees \((d^+,d^-)\) and investing in security class \(s\in {\mathcal {S}}\).

The contagion process starts from \({\mathcal {I}}_0^{({\textbf{s}})}\) and continues progressively by rounds. In round \(k \ge 1\), the contagion reaches a set

$$\begin{aligned} {\mathcal {I}}_k^{({\textbf{s}})}:= \left\{ i \in V \mid \Theta _i^{(s_i)} \le \# \{j \in {\mathcal {I}}_{k-1}^{({\textbf{s}})}, (j,i)\in E\}\right\} . \end{aligned}$$

This is repeated until no more vertices become infected. Note that the set of final infected vertices depend on the security investment across all agents. The final infected set is denoted by \({\mathcal {I}}_f^{({\textbf{s}})}\). We now provide few important classes of contagion models which can be seen as a special case of our general framework.

Example 3.1

(Independent cascade models) The cascade model has been extensively used for modeling the spread of infectious diseases, computer viruses, diffusion of innovation, and marketing. For example, consider the SIR (susceptible-infected-removed) epidemic model in which sites (vertices) begin as susceptible, and after being infected, they become removed, i.e., become immune to further infection. Let \(\alpha _s\) denote the initial infection probability, and \(\beta _s\) denote the probability of getting infected from each incoming neighbor if the host vertex invests in security (immunization) class s. It is easy to show that the above independent cascade model corresponds to the independent threshold model by setting

$$\begin{aligned} p^{(s)}(d^+,d^-,0) = \alpha _s \ \ \text {and} \ \ p^{(s)}(d^+,d^-,\theta ) = (1-\alpha _s)\beta _s(1-\beta _s)^{\theta -1}, \end{aligned}$$

for all \(d^+, d^-\in {\mathbb {N}}\) and \(\theta =1, \dots , d^+\).

Example 3.2

(Bootstrap percolation model) In the case where

$$\begin{aligned} p^{(s)}(d^+,d^-,0) = \alpha _s, \ \ p^{(s)}(d^+,d^-,\theta ) = (1-\alpha _s)\textrm{11}_{\{\theta =\theta _s\}}, \end{aligned}$$

our model is equivalent to the bootstrap percolation process for each security class s. This process (as well as numerous extensions and variations) has been used as a model to describe various complex phenomena in different areas. A short survey regarding its applications can be found in [3]. Several quantitative characteristics of bootstrap percolation, particularly the dependence of the initially infected set on the final infected set, have been studied on a variety of random graphs [6, 9, 10, 16, 33].

Example 3.3

(Linear threshold model) The linear threshold model has been extensively used in the literature, particularly to model neuronal activity [4, 22] and default contagion in financial networks [5, 7, 11, 27]. In this model, see e.g. [34], the edge weights \(\left( L_{ij}\right) \) denote the liability (influence) that agent i has on agent j and \(C_i=C_i^{(s)}\) represents the capacity (capital or threshold) for agent i to absorb the losses (influences) from incoming neighbors before becoming infected. At every time step, each agent i computes the total incoming weight from all infected neighbors, and if the sum exceeds the threshold \(C_i^{(s)}\), they become infected and remain so forever. For each \(i\in {\mathbb {N}}\), let \(\{L_{\ell , i}\}_{\ell =1}^\infty \) be a sequence of i.i.d. random variables. For a vertex i with degree \((d^+,d^-)\), by setting

$$\begin{aligned} p^{(s)}(d^+,d^-,\theta ) = {\mathbb {P}}(\Theta _i^{(s)}=\theta ) = {\mathbb {P}}\left( \sum _{\ell =1}^{\theta -1} L_{\ell , i} \le C_i^{(s)} < \sum _{\ell =1}^{\theta } L_{\ell , i}\right) , \end{aligned}$$
(1)

all our results will be applicable to the linear threshold model with i.i.d. random weights.

3.2 The directed configuration model

We represent the underlying network as a set of vertices \([n]:= \{1,2, \ldots , n\}\), endowed with a sequence of in-degrees \(\textbf{d}^+:= \{d_i^+\}_{i \in [n]}\) and a sequence of out-degrees \(\textbf{d}^-:= \{d_i^-\}_{i \in [n]}\). Naturally, the degrees should satisfy the condition that \( \sum _{i = 1}^n d_i^+ = \sum _{i = 1}^n d_i^-, \) in order for a graph with in- and out-degree sequence \((\textbf{d}^+, \textbf{d}^-)\) to exist. A vertex \(i \in [n]\), with degree \((d_i^+, d^-_i)\) is assigned \(d_i^+\) in-coming half edges and \(d_i^-\) out-going half edges, and the condition above ensures that in total there are as many in-coming half edges as there are out-going half edges. The configuration model with given directed degree sequence \((\textbf{d}^+, \textbf{d}^-)\) is defined as the multigraph resulting from the uniform random matching of the in-coming half edges and the out-going half edges [19, 43]. This graph is denoted by \({\mathcal {G}}={\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) and we write \((i,j) \in {\mathcal {G}}\) for the event that there is a directed link from i to j. Although self-loops may occur, these become rare as \(n \rightarrow \infty \). It is easy to see that, conditional on the multigraph being simple graph, we obtain a uniformly distributed random graph with these given degree sequences; see e.g., [43].

We now describe the regularity assumptions on vertex degrees under the security profile \(\textbf{s}_n = (s_1, s_2, \dots , s_n)\). For each \(n \in {\mathbb {N}}\) we have a degree sequence \((\textbf{d}_n^+, \textbf{d}_n^-)\) and security profile \(\textbf{s}_n = (s_1, s_2, \dots , s_n)\), but (to lighten notation) this dependency on n will not be carried in the notation. The empirical distribution of the degrees is denoted by \(\mu _n\) which is given by

$$\begin{aligned} \mu _n^{(s)}(d^+,d^-):= \frac{1}{n} \sum _{i=1}^{n} \textrm{11}_{\{d_i^+=d^+, d_i^- =d^-, s_i=s\}}. \end{aligned}$$
(2)

We assume that the sequence \((\textbf{d}^+, \textbf{d}^-, {\textbf{s}})\) satisfies the following regularity conditions:

Condition 3.4

(Degree regularity conditions) We say that the sequence \((\textbf{d}^+, \textbf{d}^-,{\textbf{s}})\) satisfies the regularity conditions if for some probability distribution \(\mu : {\mathbb {N}}^2\times {\mathcal {S}}\rightarrow [0,1]\), independent of n, the following holds:

(\(C_1\)):

for every \(d^+,d^- \in {\mathbb {N}}\) and \(s\in {\mathcal {S}}\), as \(n \rightarrow \infty \)

$$\begin{aligned} \mu _n^{(s)}(d^+,d^-)\rightarrow \mu ^{(s)}(d^+,d^-); \end{aligned}$$
(\(C_2\)):

The average degree \(\lambda :=\sum \nolimits _{j=0}^{\infty }\sum \nolimits _{k=0}^\infty \sum \nolimits _{s\in {\mathcal {S}}}j\mu ^{(s)}(j,k) \in (0,\infty )\) and as \(n \rightarrow \infty \)

$$\begin{aligned} \sum _{j=0}^{\infty }\sum _{k=0}^\infty \sum _{s\in {\mathcal {S}}} j\mu _n^{(s)}(j,k) \rightarrow \lambda . \end{aligned}$$

We end this section by the following remark:

Remark 3.5

We state our results for the random multigraph \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) constructed by configuration model. However, they could be transferred by conditioning on the multigraph being a simple graph (without loop and multiples edges). The resulting random graph, denoted by \({\mathcal {G}}^*(\textbf{d}^+, \textbf{d}^-)\), will be uniformly distributed among all directed graphs with the same degrees sequence. In order to transfer the results, we would need to assume that the degree distribution has a finite second moment, i.e.

$$\begin{aligned} \sum _{j=0}^{\infty }\sum _{k=0}^\infty \sum _{s\in {\mathcal {S}}} (j+k)^2\mu ^{(s)}(j,k) \in (0,\infty ), \end{aligned}$$

which from [30] implies that the probability that \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) is simple being bounded away from zero as \(n\rightarrow \infty \). However, as stated also in [32], we suspect that all results hold even without the second moment assumption for simple random graph \({\mathcal {G}}^*(\textbf{d}^+, \textbf{d}^-)\). In [20], the authors have recently shown results for the size of the giant component from the multigraph case without using the second moment assumption; they prove that even with the (exponentially) small probability that the multigraph is simple, the error probabilities are even smaller.

3.3 Limit theorems and the resilience conditions

We let \(p^{(s)} (d^+,d^-,0)\) the probability that agent \(i \in [n]\) with degree \((d^+,d^-)\) and investing in security \(s\in {\mathcal {S}}\) is initially infected:

$$\begin{aligned} p^{(s)}(d^+,d^-,0) = {\mathbb {P}}(i \in {\mathcal {I}}_0^{({\textbf{s}})} \mid s_i=s, d_i^+=d^+, d_i^-=d^-). \end{aligned}$$

Let us denote by \({\mathcal {I}}_{f}^{(s)}(d^+,d^-)\) the set of finally infected agents with degrees \((d^+,d^-)\) and security level \(s\in {\mathcal {S}}\).

We define the function \(\Phi ^{({\textbf{s}})}: [0,1] \rightarrow [0,1]\) as

$$\begin{aligned} \Phi ^{({\textbf{s}})}(x)&:= \sum _{j=0}^\infty \sum _{k=0}^\infty \sum _{s\in {\mathcal {S}}}\frac{k\mu ^{(s)}(j, k)}{\lambda }\sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta ), \end{aligned}$$
(3)

and let \(x_*^{({\textbf{s}})}\) be the smallest fixed point of \(\Phi ^{({\textbf{s}})}\) in [0, 1]. Note that \(\Phi ^{({\textbf{s}})}\) admits at least one fixed point since it is a continuous increasing function, \(\Phi ^{({\textbf{s}})}(1) \le 1\) and \(\Phi ^{({\textbf{s}})}(0) \ge 0\).

We can interpret \(x_*^{({\textbf{s}})}\) as the probability that an incoming neighbor of a randomly chosen agent gets infected during the contagion process. The intuition behind Eq. (3) is the as follows: The incoming neighbor of a randomly chosen agent has in-degree j, out-degree k, and security s with the size-biased distribution \(\frac{k\mu ^{(s)}(j, k)}{\lambda }\). Moreover, they will have threshold \(\theta \) with probability \( p^{(s)}(j, k, \theta )\) and they will get infected if at least \(\theta \) of their incoming neighbors are infected (each independently with probability \(x_*^{({\textbf{s}})}\)).

Our first theorem concerns the limit theorem for the final number of infected agents when the number of initially infected agents is macroscopic:

Theorem 3.6

Consider a sequence of random graphs \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) and security profiles \({\textbf{s}}\) satisfying Condition 3.4 and let \(x_*^{({\textbf{s}})}\) be the smallest fixed point of \(\Phi ^{({\textbf{s}})}\) in [0, 1]. We have for all \(\epsilon >0\) w.h.p.

$$\begin{aligned} \frac{|{\mathcal {I}}_{f}^{({\textbf{s}})}|}{n} \ge&\sum _{j,k} \sum _{s\in {\mathcal {S}}}\mu ^{(s)}(j, k)\sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x_*^{({\textbf{s}})}) \ge \theta ) -\epsilon . \end{aligned}$$

Moreover,

  • if \(x_*^{({\textbf{s}})}=1\) then w.h.p. almost all vertices become infected: \(|{\mathcal {I}}_{f}| = n -o_p(n);\)

  • if \(x_*^{({\textbf{s}})}<1\) and furthermore \(x_*^{({\textbf{s}})}\) is a stable fixed point of \(\Phi ^{({\textbf{s}})}\) (i.e., \(\Phi ^{({\textbf{s}})}(x) < x\) for \(x\in (x_*^{({\textbf{s}})},x_*^{({\textbf{s}})}+\epsilon )\) and \(\epsilon >0\) small enough), then

    $$\begin{aligned} \frac{|{\mathcal {I}}_{f}^{({\textbf{s}})}|}{n} {\mathop {\longrightarrow }\limits ^{p}}\psi (x_*^{({\textbf{s}})})&:= \sum _{j,k} \sum _{s\in {\mathcal {S}}}\mu ^{(s)}(j, k)\sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x_*^{({\textbf{s}})}) \ge \theta ), \end{aligned}$$

    and,

    $$\begin{aligned} \frac{|{\mathcal {I}}_{f}^{(s)}(d^+,d^-)|}{n\mu _n^{(s)}(d^+,d^-)} {\mathop {\longrightarrow }\limits ^{p}}\psi ^{(s)}(d^+,d^-, x_*^{({\textbf{s}})}):= \sum _{\theta =0}^j p^{(s)}(d^+, d^-, \theta ) {\mathbb {P}}(\textsf{Bin}(d^+,x_*^{({\textbf{s}})}) \ge \theta ). \end{aligned}$$

The theorem extends the result in [7] by allowing for different agent types (securities) distributions. The proof of the theorem is provided in Appendix A.3.

Our next theorem concerns the case with few initially infective agents, i.e. \(|{\mathcal {I}}_0^{({\textbf{s}})}|=o(n)\). As a corollary of Theorem 3.6, we have:

Theorem 3.7

Consider a random graph \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) and a security profile \({\textbf{s}}\) satisfying Condition 3.4. If there exists \(x_0>0\) such that for all \(0<x<x_0\),

$$\begin{aligned}x > \sum _{j,k} \sum _{s\in {\mathcal {S}}}\frac{k\mu ^{(s)}(j, k)}{\lambda }\sum _{\theta =1}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta ),\end{aligned}$$

and we initially infect randomly \(|{\mathcal {I}}_0^{({\textbf{s}})}| = o(n)\) vertices in [n], then \(|{\mathcal {I}}_f^{({\textbf{s}})}| = o_p(n)\).

Further, as a corollary of the above theorem, we have the following result, which generalizes the resilience condition of [7] by allowing for different agent types.

Let us define

$$\begin{aligned} {\mathcal {R}}_0^{({\textbf{s}})}:= \frac{1}{\lambda } \sum _{j,k\in {\mathbb {N}}}\sum _{s\in {\mathcal {S}}} jk \mu ^{(s)}(j,k) p^{(s)}(j,k,1). \end{aligned}$$
(4)

We denote by \({\mathcal {S}}_{1}\) to be the largest strongly connected component of the random graph \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) on which we apply the site percolation process by removing all vertices with threshold \(\Theta _i \ge 2\). Let \({\mathcal {I}}_f^{({\textbf{s}})}(i)\) denote the final infected set when the epidemic is initiated from vertex \(i\in [n]\), under the security profile \({\textbf{s}}\).

Theorem 3.8

Consider a random graph \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) and a security profile \({\textbf{s}}\) satisfying Condition 3.4.

  • If \({\mathcal {R}}_0^{({\textbf{s}})}<1\),

    $$\begin{aligned} \sum _{j, k} \sum _{s\in {\mathcal {S}}} jk \mu ^{(s)} (j,k) < \infty \end{aligned}$$

    and we initially infect randomly \(|{\mathcal {I}}_0^{({\textbf{s}})}| = o(n)\) vertices in [n], then \(|{\mathcal {I}}_f^{({\textbf{s}})}| = o_p(n)\).

  • If \({\mathcal {R}}^{({\textbf{s}})}_0>1\) then w.h.p. for any \(i \in {\mathcal {S}}_{1}\),

    $$\begin{aligned} \liminf _n \frac{|{\mathcal {I}}_f^{({\textbf{s}})}(i)|}{n} \ge \liminf _n \frac{|{\mathcal {S}}_{1}|}{n} > 0. \end{aligned}$$

The proof of the theorem is provided in Appendix A.6. It is worth noting that the above resilience condition requires \(\sum _{j, k} \sum _{s\in {\mathcal {S}}} jk \mu ^{(s)} (j,k) < \infty \). In [7], this is implied by the condition of finite second-order moment for the degree distribution. Thus, under the resilience condition and assuming that \(\sum _{j, k} jk \mu (j,k) < \infty \), the infection amplification is finite. However, if

$$\begin{aligned} \sum _{j, k} \sum _{s\in {\mathcal {S}}} jk \mu ^{(s)} (j,k)= \infty , \end{aligned}$$

which is the case for many real-world networks, a small fraction of initially infected agents can still trigger a large cascade under certain conditions. This is the object of a new result in this paper, which we state below.

Consider the case when \(\sum _{j,k}\sum _{s\in {\mathcal {S}}} jk \mu ^{(s)}(j,k)= \infty \). Suppose that there is a positive fraction of vertices with a finite threshold and at the same time with a large number of in- and out-degrees. These vertices will amplify the initial infections: their large number of incoming links will likely be connected to multiple initially infected vertices, and thus these vertices will reach their infection threshold. Moreover, these vertices have a large out-degree, and thus they will increase the rate of the epidemic’s spread. The following theorem is another corollary of Theorem 3.6.

Theorem 3.9

Consider a random graph \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) and a security profile \({\textbf{s}}\) satisfying Condition 3.4. Assume that a small fraction \(\epsilon >0\) of all vertices represent the initial seed, i.e.,

$$\begin{aligned} \sum _{j,k}\sum _{s\in {\mathcal {S}}}\mu ^{(s)}(j,k) p^{(s)}(j,k,0) = \epsilon . \end{aligned}$$

If there exists \(x_0>0\) such that for all \(0<x<x_0\),

$$\begin{aligned} x < \sum _{j,k} \sum _{s\in {\mathcal {S}}}\frac{k\mu ^{(s)}(j, k)}{\lambda }\sum _{\theta =1}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x)\ge \theta ), \end{aligned}$$

then with high probability (for all \(\epsilon >0\))

$$\begin{aligned} \frac{|{\mathcal {I}}_{f}^{(s)}|}{n}> \psi (x_0) >0. \end{aligned}$$

The following corollary shows a discontinuity at 0 for the final size of the infected agents when the degree distribution is heavy-tailed, such as in scale-free networks.

Corollary 3.10

Assume that for some \(K \in {\mathbb {N}}, \, c \in {\mathbb {R}}^+\) and \(\chi \in (2,3)\):

$$\begin{aligned} \sum _{k\in {\mathbb {N}}} \sum _{s\in {\mathcal {S}}} \sum _{\theta =1}^{K} k \mu ^{(s)}(j,k) p^{(s)}(j,k,\theta ) \ge c j^{-\chi +1} \end{aligned}$$

for all \(j\in {\mathbb {N}}\). Consider a small fraction \(\epsilon >0\) of all vertices represent the initial seed, i.e.,

$$\begin{aligned} \sum _{j,k}\sum _{s\in {\mathcal {S}}}\mu ^{(s)}(j,k) p^{(s)}(j,k,0) = \epsilon . \end{aligned}$$

Then there exists \({\hat{x}} > 0\) the smallest positive solution of

$$\begin{aligned} x = \sum _{j, k}\sum _{s\in {\mathcal {S}}} \sum _{\theta \ge 1} \frac{k\mu ^{(s)}(j, k)}{\lambda } p(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta ) \end{aligned}$$
(5)

such that for all \(\epsilon >0\), with high probability

$$\begin{aligned} 0< \psi ({\hat{x}})< \frac{|{\mathcal {I}}_{f}^{(s)}|}{n} <\psi ({\hat{x}}) + 2\epsilon . \end{aligned}$$

The proof of above corollary is provided in Appendix A.4. This shows that the final size of the cascade has a jump discontinuity at 0 when the degree distribution is heavy-tailed and the condition

$$\begin{aligned} \sum _{k\in {\mathbb {N}}} \sum _{s\in {\mathcal {S}}} \sum _{\theta =1}^{K} k \mu ^{(s)}(j,k) p^{(s)}(j,k,\theta ) \ge c j^{-\chi +1} \end{aligned}$$

holds for all \(j \in {\mathbb {N}}\). In particular, this condition implies that (since \(\chi \in (2,3)\)),

$$\begin{aligned} \sum _{j, k} \sum _{s\in {\mathcal {S}}}jk \mu ^{(s)}(j,k) \ge c \sum _j j^{-\chi +2} = \infty . \end{aligned}$$

The interest of this result lies in the case \(K > 1\), since when \(K = 1\), we already know from Theorem 3.8 that with this condition \({\mathcal {R}}_0^{({\textbf{s}})}>1\), and the network is not resilient. Note that in the fixed-point equation (5), the threshold runs over \(\theta \ge 1\), contrary to the fixed point of the function \(\Phi ^{({\textbf{s}})}\) in Theorem 3.6. Corollary 3.10 states that as the fraction of vertices with \(\theta = 0\) tends to zero, the number of vertices that become infected (which have a threshold \(\theta > 0\)) represents a positive fraction of the system. We also give a precise value for this final fraction of infected vertices.

3.4 Targeting interventions

In this section, we consider a social planner (lender of last resort or government) who seeks to intervene and make the network (which is initially subject to an exogenous shock) resilient, by targeting the most central players. Note that the interventions are based on the partial information of the network (based on the degrees and security class of each agent). The complete information setup has been studied in various papers, see e.g.,  [15, 28, 34,35,36].

We assume that the planner’s intervention could be either saving (vulnerable) links in the network or saving (defaulting/infected) agents based on their degrees and security classes. We denote by \((1-\pi _e) \in [0,1]\) the fraction of links saved by the planner, i.e., \(\pi _e\) denotes the fraction of remaining links in the network. Further, for a given function \(\pi _v:{\mathbb {N}}^2\times {\mathcal {S}}\rightarrow [0,1]\), we denote by \((1-\pi _v^{(s)}(d^+, d^-))\) the fraction of agents with degree \((d^+,d^-)\) and invested in security class \(s\in {\mathcal {S}}\) saved (bailed out) by the planner.

The above intervention model is equivalent to considering contagion in the percolated random graph, where we first generate the random graph \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) using the configuration model and then randomly delete either vertices or edges based on the given intervention policy (since saved links and agents will not play any role in the contagion process). We denote this percolated random graph by \({\mathcal {G}}_{\pi _v,\pi _e}(\textbf{d}^+, \textbf{d}^-)\). Specifically, each edge of \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) is deleted with probability \(1-\pi _e\) and each agent with degree \((d^+,d^-)\) and invested in security s is removed from the network with probability \(1-\pi _v^{(s)}(j,k)\). Consider now the independent threshold model on the percolated random graph \({\mathcal {G}}_{\pi _v,\pi _e}(\textbf{d}^+, \textbf{d}^-)\).

Theorem 3.11

Consider \({\mathcal {G}}_{\pi _v,\pi _e}(\textbf{d}^+, \textbf{d}^-)\) and suppose that Condition 3.4 holds. Let \(x_*^{({\textbf{s}})}\) be the smallest fixed point in [0,1] of

$$\begin{aligned} \Phi _{\pi _v,\pi _e}^{({\textbf{s}})}(x)&:= \sum _{j,k} \sum _{s\in {\mathcal {S}}}\frac{k\mu ^{(s)}(j, k)\pi _v^{(s)}(j,k)}{\lambda }\sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x\pi _e) \ge \theta ). \end{aligned}$$

If \(x_*^{({\textbf{s}})}<1\) and furthermore \(x_*^{({\textbf{s}})}\) is a stable fixed point of \(\Phi ^{({\textbf{s}})}_{\pi _v,\pi _e}\), then

$$\begin{aligned} \frac{|{\mathcal {I}}_{f}^{({\textbf{s}})}|}{n} {\mathop {\longrightarrow }\limits ^{p}}\sum _{j,k} \sum _{s\in {\mathcal {S}}}\mu ^{(s)}(j, k)\pi _v^{(s)}(j,k) \sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x_*^{({\textbf{s}})}\pi _e) \ge \theta ), \end{aligned}$$

and,

$$\begin{aligned} \frac{|{\mathcal {I}}_{f}^{(s)}(d^+,d^-)|}{n\mu _n^{(s)}(d^+,d^-)\pi _v^{(s)}(d^+,d^-)} {\mathop {\longrightarrow }\limits ^{p}}\sum _{\theta =0}^j p^{(s)}(d^+, d^-, \theta ) {\mathbb {P}}(\textsf{Bin}(d^+,x_*^{({\textbf{s}})}\pi _e) \ge \theta ). \end{aligned}$$

The proof of theorem is provided in Appendix A.5

We now investigate how the interventions could make the network resilient. Let us denote by \({\tilde{{\mathcal {S}}}}_{1}\) the largest strongly connected component of the percolated random graph \({\mathcal {G}}_{\pi _v,\pi _e}(\textbf{d}^+, \textbf{d}^-)\) (network after interventions) on which we apply (another) site percolation by removing all vertices with threshold \(\Theta _i \ge 2\).

Theorem 3.12

Consider \({\mathcal {G}}_{\pi _v,\pi _e}(\textbf{d}^+, \textbf{d}^-)\) and suppose that Condition 3.4 holds. We have:

  1. (i)

    If \(\sum _{j, k,s} jk \mu ^{(s)}(j,k) < \infty \) and

    $$\begin{aligned} \pi _e < \pi _e^*:=\frac{\lambda }{\sum _{j,k,s} jk \mu ^{(s)}(j,k) \pi _v^{(s)}(j,k)p^{(s)}(j,k,1)}, \end{aligned}$$

    then the network is resilient, i.e., if we we start by initially infecting (randomly) \(|{\mathcal {I}}_0^{({\textbf{s}})}| = o(n)\) vertices in [n], then \(|{\mathcal {I}}_f^{({\textbf{s}})}| = o_p(n)\).

  2. (ii)

    If \(\pi _e > \pi _e^*\), then w.h.p. for any \(i \in {\tilde{{\mathcal {S}}}}_{1}\),

    $$\begin{aligned} \liminf _n \frac{|{\mathcal {I}}_f^{({\textbf{s}})}(i)|}{n} \ge \liminf _n \frac{|{\tilde{{\mathcal {S}}}}_{1}|}{n} > 0. \end{aligned}$$

The proof of theorem is provided in Appendix A.6. The theorem characterizes the critical value of the bond percolation parameter (fraction of vulnerable links saved by the planner) required to make the network resilient. Note that if \(\pi _e^*>1\), then the network is already resilient under the site percolation (agents bailout by the planner).

4 Network security games

In this section, we study the network security game and provide sufficient conditions for the uniqueness of an (asymptotic) Nash equilibrium.

Remark 4.1

For the financial applications, considering the linear threshold model of Example 3.3, the threshold represents the liquidity or capital to absorb incoming losses from the defaulted neighbors (creditors). In this case, the security class could represent the quality of a firms’ assets in terms of liquidity and capital charges. A firm with more liquid assets will then have higher Tier 1 capital. In this case, instead of security classes, we can introduce different asset liquidity classes, so that agents (banks) choose optimally their asset liquidity classes. Our results could be easily transferred to this case.

4.1 Contagion risks model

We consider a network security game introduced and motivated in Sect. 2. We assume that agent i can obtain a security level \(s \in {\mathcal {S}}:=\{0,1, \dots , K\}\) for a cost \(C_i^{(s)}=C^{(s)}(d_i^+,d_i^-)\), and faces a potential loss \(\ell _i\) in case it becomes infected. It is natural to assume that:

\((C_3)\):

For all vertices the threshold is stochastically increasing with the security investment i.e., for any agent with degrees \((d^+,d^-)\) and for \(s<s'\) we have for all \(k\in {\mathbb {N}}\),

$$\begin{aligned} \sum _{\theta =0}^k p^{(s)}(d^+,d^-, \theta ) > \sum _{\theta =0}^{k} p^{(s')}(d^+,d^-, \theta ). \end{aligned}$$
(6)

On the other hand, we assume that investing in a higher security class increases the cost and thus \(C_i^{(s)}\) is strictly increasing in s.

The timeline is as follows: agents learn their potential loss in case they become infected. This is their private information, but the distribution of losses, denoted by F, is common knowledge. Agents then decide on their security level. They draw a threshold \(\theta \) from a distribution that increases stochastically with their security investment and depends on their degree. Agents that have a threshold of zero are initially infected and trigger a cascade of infections. This is equivalent to the random attack model, in which the attacker targets and infects each agent based on their degree and security level (see, e.g., [2]).

We assume that agents are risk neutral, so in the network of size n, we can write the payoff of vertex i as

$$\begin{aligned} J_i ({\varvec{\ell }}, \textbf{s}) = J_i(\ell _1,\ldots , \ell _n, s_1,\ldots , s_n):= \ell _i {\mathbb {P}}_n (i \in {\mathcal {I}}_f^{({\textbf{s}}) }) + C_i^{(s_i)}, \end{aligned}$$

where \({\mathbb {P}}_n (i \in {\mathcal {I}}_f^{({\textbf{s}}) })\) is over the distribution of the random graph \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) of size n and random thresholds, given all vertices’ degrees, losses and investment security vector \({\textbf{s}}\).

We say that a security investment across agents \(\mathbf{s^*} = (s_1^*, s_2^*, \dots , s_n^*)\) is a (pure-strategy) Nash equilibrium if

$$\begin{aligned} s_i^* \in \mathop {\arg \min }_{s \in {\mathcal {S}}} J_i(\ell _1,\ldots , \ell _n, s_1^*,\ldots ,s_{i-1}^*,s, s_{i+1}^*,\ldots , s_n^*), \end{aligned}$$

for all \(i \in [n]\).

Similarly, a security profile \(\mathbf{s^*} = (s_1^*, s_2^*, \dots , s_n^*)\) is a social optimum if for all \(\textbf{s} \in {\mathcal {S}}^n\),

$$\begin{aligned} \sum _{i=1}^n J_i ({\varvec{\ell }}, \mathbf{s^*}) \le \sum _{i=1}^n J_i ({\varvec{\ell }}, \textbf{s}). \end{aligned}$$

4.2 Conditions for monotone investment

Consider a sequence of random graphs \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\) and security profiles \({\textbf{s}}\) satisfying Condition 3.4. According to Theorem 3.6, see also the proof in Appendix A.3, we know that \(x_*^{({\textbf{s}})}\) is the ratio of infected edges among all the edges. We call this parameter the global vulnerability of the network and securities. Then, for a given random network with vulnerability x, a representative agent with degrees \((d^+,d^-)\) and security s will become infected and faces losses \(\ell \) with (asymptotic) probability

$$\begin{aligned} \psi ^{(s)}(d^+,d^-, x):= \sum _{\theta =0}^{d^+} p^{(s)} (d^+, d^-, \theta ) {\mathbb {P}}(\textsf{Bin}(d^+,x) \ge \theta ). \end{aligned}$$

Consequently, under the network vulnerability parameter \(x\in [0,1]\), the agent’s optimal security investment shall be the value \(s^*(x)\) satisfying

$$\begin{aligned} s^*(x) \in \mathop {\arg \min }_{s \in {\mathcal {S}}} \left\{ \ell \psi ^{(s)}(d^+,d^-, x) + C^{(s)}(d^+,d^-)\right\} . \end{aligned}$$

This can be interpreted as an asymptotic Nash equilibrium with respect to the representative agent’s optimal security investment when the global network vulnerability x summarizes the impact of all individuals’ optimal security strategies and degrees distribution. This is a fixed point problem that will be described in the following.

In particular, the representative agent prefers the security class s over a lower security class \(s-1\) if and only if

$$\begin{aligned} \ell \left( \psi ^{(s-1)}(d^+,d^-, x)- \psi ^{(s)}(d^+,d^-, x) \right) > C^{(s)}(d^+,d^-)-C^{(s-1)}(d^+,d^-). \end{aligned}$$

Note also that

$$\begin{aligned} \delta _s(d^+,d^-,x)&:= \psi ^{(s-1)}(d^+,d^-, x)-\psi ^{(s)}(d^+,d^-, x) \\&= \sum _{\theta =0}^{d^+} \left( p^{(s-1)}(d^+,d^-, \theta ) - p^{(s)}(d^+,d^-, \theta )\right) {\mathbb {P}}(\textsf{Bin}(d^+,x) \ge \theta )\\&= \sum _{\theta =0}^{d^+} q_s(d^+,d^-,\theta ) {\mathbb {P}}(\textsf{Bin}(d^+,x) = \theta )>0, \end{aligned}$$

since by Condition \((C_3)\),

$$\begin{aligned} q_s(d^+,d^-,\theta ):=\sum _{j=0}^\theta \left( p^{(s-1)}(d^+,d^-, j) - p^{(s)}(d^+,d^-, j)\right) >0. \end{aligned}$$

In order to restrict ourselves to threshold-type strategies, we need a stronger assumption. Specifically, let us define for \(k=1, 2, \dots , K\):

$$\begin{aligned} \ell _s(d^+,d^-,x):= \frac{C^{(s)}(d^+,d^-)-C^{(s-1)}(d^+,d^-)}{\delta _s(d^+,d^-,x)}, \end{aligned}$$
(7)

so that the representative agent with degrees \((d^+,d^-)\) would prefer the security class s over \(s-1\) if and only if \(\ell > \ell _s(d^+,d^-,x).\)

\((C_4)\):

We assume in the following that for all \(d^+,d^- \in {\mathbb {N}}\) and \(x\in [0,1]\),

$$\begin{aligned} \ell _1(d^+,d^-,x)< \ell _2(d^+,d^-,x)< \dots < \ell _K(d^+,d^-,x). \end{aligned}$$

Under this condition, the optimal agent’s security investment is threshold-type: invest in security class k if and only if \(\ell \in (\ell _k, \ell _{k+1}]\) (we set \(\ell _{K+1}=\infty \)). Note that the above condition is automatically verified for the case with only two security strategies, i.e., \({\mathcal {S}}=\{0,1\}\).

On the other hand, we will also need to assume that such thresholds are (strictly) decreasing with the network vulnerability level x:

\((C_5)\):

For all \(d^+,d^- \in {\mathbb {N}}, s\in {\mathcal {S}}\) and \(x\in [0,1]\), the threshold function \(\ell _s(d^+,d^-,x)\) is a decreasing function of x.

The above monotone investment condition states that the level of loss where agents choose to invest in higher security class is lower when the network vulnerability is higher. The higher the global network vulnerability, the more agents invest in security.

Lemma 4.2

The monotone investment condition \((C_5)\) holds if and only if for all \(d^+,d^- \in {\mathbb {N}}, s\in {\mathcal {S}}\) and \(x\in [0,1]\),

$$\begin{aligned} \sum _{\theta =1}^{d^+} \left( p^{(s-1)}(d^+,d^-,\theta )- p^{(s)}(d^+,d^-,\theta )\right) {\mathbb {P}}(\textsf{Bin}(d^+-1,x) = \theta -1) > 0. \end{aligned}$$

The proof of lemma is provided in Appendix A.7. Consequently, the above lemma implies that if

$$\begin{aligned} p^{(s-1)}(d^+,d^-,\theta ) > p^{(s)}(d^+,d^-,\theta ) \end{aligned}$$

for all \(\theta < d^+\), then the monotone investment condition will be held. In particular, when we consider the strong versus weak protection setting in Sect. 5.1, the above condition will be held since \({\mathcal {S}}=\{0,1\}\) and the agent investing in security will never get infected, i.e., \(p^{(1)}(d^+,d^-,\theta ) = 0\). Therefore, the condition in the lemma will be satisfied.

4.3 Asymptotic Nash equilibrium analysis

We are now ready to describe the asymptotic Nash equilibrium as a fixed point problem. In the previous section we described the agents’ strategy given the global network vulnerability. Let \(x_e\) denote the expected network vulnerability (expected ratio of infected links among all the links) of the random network under expected security investments across all agents.

The representative agent with degrees \((d^+,d^-)\) would invest in the security class \(s\in {\mathcal {S}}\) if and only if

$$\begin{aligned} \ell _s (d^+,d^-,x_e)< \ell \le \ell _{s+1}(d^+,d^-,x_e). \end{aligned}$$

Hence, the fraction of agents with degrees \((d^+,d^-)\) investing in security class \(s=0,1, \dots , K\) will be (set \(F(\ell _{K+1})=1\))

$$\begin{aligned} \gamma ^{(s)}_e(d^+,d^-) = F(\ell _{s+1}(d^+,d^-,x_e)) - F(\ell _{s}(d^+,d^-,x_e)), \end{aligned}$$

and we have

$$\begin{aligned} \mu _e^{(s)} (d^+,d^-) = \mu (d^+,d^-) \gamma ^{(s)}_e(d^+,d^-). \end{aligned}$$

On the other hand, given the probability distributions \(\gamma _e:{\mathbb {N}}^2 \rightarrow {\mathcal {P}}({\mathcal {S}})\), following Theorem 3.6, a vertex i with degrees \((d^+,d^-)\) will invest in security class \(s\in {\mathcal {S}}\) as long as

$$\begin{aligned} \ell _s(d^+,d^-,x_*^{\gamma _e})<\ell _i \le \ell _{s+1}(d^+,d^-,x_*^{\gamma _e}), \end{aligned}$$

where \(x_*^{\gamma _e}\) is the smallest fixed point of

$$\begin{aligned} \Phi ^{\gamma _e}(x)&:= \sum _{j,k} \sum _{s\in {\mathcal {S}}} \frac{k\mu (j,k)\gamma _e^{(s)}(j,k)}{\lambda } \sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta ), \end{aligned}$$
(8)

in [0, 1]. Hence, the actual fraction of vertices with degree \((d^+,d^-)\) investing in security class \(s\in {\mathcal {S}}\) is given by

$$\begin{aligned} \gamma ^{(s)}(d^+,d^-) = F(\ell _{s+1}(d^+,d^-,x_*^{\gamma _e})) - F(\ell _{s}(d^+,d^-,x_*^{\gamma _e})). \end{aligned}$$
(9)

Then for \(s=K\), we have

$$\begin{aligned} \ell _{K}(d^+,d^-,x_*^{\gamma _e}) = F^{-1}\Bigl (1-\gamma ^{(K)}(d^+,d^-)\Bigr ), \end{aligned}$$

and, by backward induction, we obtain for \(s=1, \dots , K\):

$$\begin{aligned} \ell _{s}(d^+,d^-,x_*^{\gamma _e}) = F^{-1}\left( 1-\gamma ^{(K)}(d^+,d^-)-\dots -\gamma ^{(s)}(d^+,d^-)\right) =F^{-1}\left( \sum _{k=0}^{s-1} \gamma ^{(k)}(d^+,d^-)\right) . \end{aligned}$$

The willingness to pay to move from security class \(s-1\) to s for the last vertex with degrees \((d^+,d^-)\) in a network with fraction investing in security \(\gamma \) and with expectation \(\gamma _e\) can be defined as

$$\begin{aligned} W^{(s)}_{\gamma ,\gamma _e}(d^+,d^-):=\delta _s(d^+,d^-,x_*^{\gamma _e})F^{-1}\left( \sum _{k=0}^{s-1} \gamma ^{(k)}(d^+,d^-)\right) . \end{aligned}$$
(10)

For a fixed cost function \(C:{\mathcal {S}}\times {\mathbb {N}}^2\rightarrow {\mathbb {R}}^+\), in equilibrium, the expected fraction \(\gamma _e\) and the actual one \(\gamma \) must satisfy (for all \(d^+,d^-\) with \(\mu (d^+,d^-)>0\)):

$$\begin{aligned} C^{(s)}(d^+,d^-) - C^{(s-1)}(d^+,d^-) = \delta _s(d^+,d^-,x_*^{\gamma _e}))F^{-1}\left( \sum _{k=0}^{s-1} \gamma ^{(k)}(d^+,d^-)\right) . \end{aligned}$$

Hence in equilibrium, when expectations are fulfilled, the possible equilibria are given by the fixed point equations (for all \(d^+,d^-\) with \(\mu (d^+,d^-)>0)\)

$$\begin{aligned} \ell _s(d^+,d^-,x_*^{\gamma })=F^{-1}\left( \sum _{k=0}^{s-1} \gamma ^{(k)}(d^+,d^-)\right) , \end{aligned}$$
(11)

where \(x_*^{\gamma }\) is the smallest fixed point in [0, 1] of equation

$$\begin{aligned} \Phi ^{\gamma }(x)&:= \sum _{j,k} \sum _{s\in {\mathcal {S}}} \frac{k\mu (j,k)\gamma ^{(s)}(j,k)}{\lambda } \sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta ). \end{aligned}$$
(12)

4.4 Uniqueness of equilibrium

For any \(z\in [0,1]\), \((d^+,d^-) \in {\mathbb {N}}^2\) and \(s\in {\mathcal {S}}\), following Eq. (11), we define

$$\begin{aligned} \gamma ^{(s)}(d^+,d^-,z) = F(\ell _{s+1}(d^+,d^-,z)) - F(\ell _{s}(d^+,d^-,z)), \end{aligned}$$

and we set

$$\begin{aligned} \Phi ^{\gamma (z)}(x)&:= \sum _{j,k} \sum _{s\in {\mathcal {S}}} \frac{k\mu (j,k)\gamma ^{(s)}(j,k,z)}{\lambda } \sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta ). \end{aligned}$$

In the following theorem, we show the uniqueness of the (asymptotic) Nash equilibrium for the security mean-field game under monotone investment conditions.

Theorem 4.3

Consider the network security game in a random graph \({\mathcal {G}}(\textbf{d}^+, \textbf{d}^-)\). Assume that \((C_1)\)\((C_5)\) hold. We have at most one mean-field equilibrium, which is given by the solution of the following equation:

$$\begin{aligned} z= \inf \limits _{x \in [0,1]} \{x: \Phi ^{\gamma (z)}(x)=x \}. \end{aligned}$$
(13)

The proof of theorem is provided in Appendix A.8.

4.5 Algorithms to find the fixed point

In this section, we present an iterative algorithm to compute the mean-field equilibrium in Theorem 4.3 for our baseline model. We assume that the degrees are bounded from above by \(\Delta \). Note that, by Condition 3.4, one can always choose \(\Delta =\Delta _\epsilon \) such that

$$\begin{aligned} \sum _{j=0}^{\infty }\sum _{k=\Delta _\epsilon }^{\infty }\sum _{s\in {\mathcal {S}}}j\mu ^{(s)}(j,k)+\sum _{j=\Delta _\epsilon }^{\infty }\sum _{k=0}^{\infty }\sum _{s\in {\mathcal {S}}}j\mu ^{(s)}(j,k)<\epsilon . \end{aligned}$$

.

Under the assumptions of Theorem 4.3, the following algorithm is guaranteed to converge to the unique fixed point of the mapping \(\Phi ^{\gamma }\).

Step 0::

For initialization set \(t=0\), the error tolerance \(\epsilon >0\) and \(\gamma _0^{(s)}(j,k)=\textrm{11}_{\{s=0\}}\) for all \(0\le j,k \le \Delta \). Let \(x_0\) be the smallest solution \(x\in [0,1]\) of the fixed-point iteration algorithm with error tolerance \(\epsilon \) given by

$$\begin{aligned} \Phi _0(x)&:= \sum _{j=0}^{\Delta } \sum _{k=0}^\Delta \sum _{s\in {\mathcal {S}}} \frac{k\mu (j,k)\gamma _0^{(s)}(j,k)}{\lambda } \sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta )\\&= \sum _{j=0}^{\Delta } \sum _{k=0}^\Delta \frac{k\mu (j,k)}{\lambda } \sum _{\theta =0}^j p^{(0)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta ). \end{aligned}$$

This is the fixed-point equilibrium under no security investment.

Step 1::

Set \(t \leftarrow t+1\). For all \(0\le j,k \le \Delta \), we set the fraction of agents with degrees (jk) investing in security \(s\in {\mathcal {S}}\) at step t to

$$\begin{aligned} \gamma _t^{(s)}(j,k):= F(\ell _{s+1}(j,k,x_{t-1})) - F(\ell _{s}(j,k,x_{t-1})), \end{aligned}$$

and let \(x_t\) be the smallest fixed-point \(x\in [0,1]\) of

$$\begin{aligned} \Phi _t(x)&:= \sum _{j=0}^{\Delta } \sum _{k=0}^\Delta \sum _{s\in {\mathcal {S}}} \frac{k\mu (j,k)\gamma _t^{(s)}(j,k)}{\lambda } \sum _{\theta =0}^j p^{(s)}(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta ). \end{aligned}$$
Step 2::

If \(x_{t-1}-x_{t}<\epsilon \), terminate the algorithm. Otherwise, return to Step 1.

Note that due to the monotone investment conditions and the strictly increasing cdf function F, \(\Phi _t(x)\) is strictly increasing in x and strictly decreasing in t (see Appendix A.8). Hence, the fixed-point sequence \(x_t\) will be decreasing, converging to \(x_*^{({\textbf{s}})}\), which is unique by Theorem 4.3. Since \(x_t\) is non-increasing and the algorithm terminates when \(x_{t-1}-x_{t}<\epsilon \), the algorithm converges in at most \(\lfloor x_0/\epsilon \rfloor \) steps.

5 Examples and applications

In this section, we provide a more detailed analysis of the particular case where there are two security classes, and investment in security provides strong protection. For the case of random regular graphs and core-periphery network models, the social optimum is explicit, and we can theoretically guarantee that the individual decision will result in underinvestment compared to the social optimum.

5.1 Equilibrium analysis in the case of strong protection

We assume \({\mathcal {S}} = \{0, 1\}\) and consider the (extreme) case where a vertex invested in security cannot be infected at all, i.e. \(p^{(1)}(j,k,\theta ) = 0\) and \(p^{(0)}(j,k,\theta ) = p(j,k,\theta )\) for all \(j,k,\theta \). Namely, \(s_i = 0\) if vertex i does not invest in security (i.e. \(C_i^{(0)}=0\)) and \(s_i = 1\) if vertex i invests in security. An agent i with degrees \((d^+,d^-)\) can obtain a security level 1 for a cost \(C_i = C(d^+,d^-)\). Let \(\gamma (d^+,d^-)\) denotes the fraction of vertices (in equilibrium) with degrees \((d^+,d^-)\) invested in security. Hence, all vertices investing in security can be removed from the network and contagion goes through all non secured vertices. This is similar to site percolation model by setting \(\pi _v^{(s)}(d^+,d^-)=1-\gamma (d^+,d^-)\).

Note that in this setting, the conditions \((C_3)-(C_5)\) are automatically satisfied (see the remark after Lemma 4.2). Hence, the optimal decision for a vertex i with degrees \((d^+,d^-)\) and expected vulnerability belief for the network \(x_e\) is

$$\begin{aligned} \ell _i \sum \limits _{\theta } p(d^+,d^-,\theta ){\mathbb {P}}(\textsf{Bin}(d^+,x_e) \ge \theta ) > C(d^+,d^-) \ \ \Longleftrightarrow \ \ \text {agent} i \text {invests in security}. \end{aligned}$$

The equilibrium fixed point equations can be simplified to

$$\begin{aligned} \gamma (d^+,d^-) = 1 - F\left( \frac{C(d^+,d^-)}{\sum \nolimits _{\theta } p(d^+,d^-,\theta ){\mathbb {P}}(\textsf{Bin}(d^+,x_*^\gamma ) \ge \theta )}\right) , \end{aligned}$$

where \(x_*^{\gamma }\) is the smallest fixed point in [0, 1] of equation

$$\begin{aligned} \Phi ^{\gamma }(x)&:= \sum _{j,k} \frac{k\mu (j,k)(1-\gamma (j,k))}{\lambda } \sum _{\theta =0}^j p(j, k, \theta ){\mathbb {P}}(\textsf{Bin}(j,x) \ge \theta ). \end{aligned}$$

5.2 Equilibrium analysis in the case of random regular graphs

We next consider the previous strong protection setting in the case of random regular graphs, where \(d_i^+=d_i^-=d\) for all vertices \(i\in [n]\). Hence, \(\mu (d,d)=1, \lambda =d\), and we simplify the notations to

$$\begin{aligned} p(\theta )=p^{(0)} (d,d,\theta ), \gamma =\gamma (d,d), C=c(d,d), \end{aligned}$$

and

$$\begin{aligned} \delta (x)=\delta _1(d,d,x) = \sum _{\theta =0}^d p(\theta ) {\mathbb {P}}(\textsf{Bin}(d,x) \ge \theta ). \end{aligned}$$

Consequently in this case the optimal decision for agent i and expected global network vulnerability belief \(x_e\) is

$$\begin{aligned} \ell _i > \frac{C}{ \delta (x_e)} \ \ \Longleftrightarrow \ \ \text {agent} i \text {invests in security}. \end{aligned}$$

The equilibrium fixed point equations can be simplified as follows:

$$\begin{aligned} 1-\gamma = F\left( \frac{C}{\delta (x_*^\gamma )}\right) =F\left( \frac{C}{x_*^\gamma (1-\gamma )}\right) \Longrightarrow C= x_*^\gamma (1-\gamma )F^{-1}(1-\gamma ), \end{aligned}$$

where \(x_*^{\gamma }\) is the smallest fixed point in [0, 1] of equation

$$\begin{aligned} \Phi ^{\gamma }(x)&:= (1-\gamma ) \sum _{\theta =0}^d p(\theta ){\mathbb {P}}(\textsf{Bin}(d,x) \ge \theta ) = F\left( \frac{C}{\delta (x)}\right) \delta (x). \end{aligned}$$

In this case, the social utility averaged over all agents converges to

$$\begin{aligned} \frac{1}{n} \sum _{i=1}^n J_i ({\varvec{\ell }}, \textbf{s}) {\mathop {\longrightarrow }\limits ^{p}} {\bar{J}}_{\textrm{social}}(\gamma ) = \delta (x_*^\gamma )\int _\gamma ^1 F^{-1} (1-u)du+C\gamma , \end{aligned}$$

where \(\delta (x_*^\gamma )\int _0^\gamma F^{-1} (1-u)du\) is the (expected) gross cost imposed by the \((1-\gamma )\)-fraction of agents not investing in security and \(C\gamma \) is the total cost of security.

Proposition 5.1

The social planner will choose a larger fraction \(\gamma \) of agents to invest in security than the market equilibrium for any fixed cost C.

The proof of proposition is provided in Appendix A.9.

Figure 1 varies the cost C. As the cost function increases, the network vulnerability fixed point solution increases, while the final fraction of individuals investing in security decreases. The figure also shows the gap between the fraction of individuals who self-protect in equilibrium and the social optimum.

Fig. 1
figure 1

Equilibrium solutions for contact process on random regular graphs: Here \(d=10, p(0)=\alpha , p(\theta )=(1-\alpha )\beta (1-\beta )^{\theta -1}\) for \(\theta =1, \dots , d\), with \(\alpha =0.05, \beta =0.1\) and L follows an exponential distribution with mean one, i.e. \(F(\ell )=1-e^{-\ell }\)

Full size image

5.3 Analysis of agents heterogeneity: Core-periphery setup

Financial networks often involve significant asymmetries, such as the presence of a core-periphery structure. In order to provide more insights on the impact of network heterogeneity and how agents influence each other, we consider a special case where there are two types of agents: core agents with high degrees \(d_H^+ = d_H^- = d_H\) and periphery agents with low degrees \(d_L^+ = d_L^- = d_L < d_H\). We denote by \(\mu _H\) and \(\mu _L\) (respectively) the fraction of core agents and periphery agents in the (large) network. We assume that the cost of (strong) self-protection for core agents is \(C _H\) and the loss due to being infected follows distribution \(F_H\). Similarly, for a periphery agent, the cost is \(C_L< C_H\) and the loss follows distribution \(F_L\). We also set

$$\begin{aligned} p_H(\theta ) = p^{(0)}(d_H, d_H, \theta ) \ \ \ \text {and} \ \ \ p_L(\theta ) = p^{(0)}(d_L, d_L, \theta ). \end{aligned}$$

A core agent i will invest in security (with expected network vulnerability \(x_e\)) if

$$\begin{aligned} \ell _i >\frac{C_H}{\delta _H(x_e)}, \ \delta _H(x)= \sum _{\theta =0}^{d_H} p_H(\theta ) {\mathbb {P}}(\textsf{Bin}(d_H,x) \ge \theta ), \end{aligned}$$

while a periphery agent i will invest in security in the case

$$\begin{aligned} \ell _i >\frac{C_L}{\delta _L(x_e)}, \ \delta _L(x)= \sum _{\theta =0}^{d_L} p_L(\theta ) {\mathbb {P}}(\textsf{Bin}(d_L,x) \ge \theta ). \end{aligned}$$

Hence, the (asymptotic) fraction of core agents \(\gamma _H\) and periphery agents \(\gamma _L\) investing in security satisfies the equilibrium fixed point equations

$$\begin{aligned} \gamma _H = 1 - F_H\left( \frac{C_H}{\delta _H(x_*^\gamma )}\right) , \ \ \gamma _L = 1 - F_L\left( \frac{C_L}{\delta _L(x_*^\gamma )}\right) , \end{aligned}$$

where \(x_*^{\gamma }\) is the smallest fixed point in [0, 1] of equation

$$\begin{aligned} \Phi ^{\gamma }(x)&:= \frac{d_H\mu _H(1-\gamma _H)\delta _H(x) + d_L\mu _L(1-\gamma _L)\delta _L(x)}{d_H\mu _H + d_L\mu _L}. \end{aligned}$$

In this case, the average social cost function \(\frac{1}{n} \sum _{i=1}^n J_i ({\varvec{\ell }}, \textbf{s}) \) converges to

$$\begin{aligned} {\bar{J}}_{\textrm{social}}(\gamma _H, \gamma _L) = \delta _H(x_*^\gamma )\int _{\gamma _H}^1 F_H^{-1} (1-u)du+\delta _H(x_*^\gamma )\int _{\gamma _L}^1 F_L^{-1} (1-u)du +C_H\gamma _H+C_L\gamma _L. \end{aligned}$$
Fig. 2
figure 2

Equilibrium solutions for security investment in core-periphery networks: Here \(\mu _H=0.2, d_H=20, p_H(0)=0.1, p_H(5)=0.9\) and \(d_L=4, \mu _L= 0.8, p_L(0)=0.2, p_L(1)=0.3,p_L(2)=0.5\). Further, we set \(F_L(\ell )=F_H(5\ell )=1-e^{-\ell }\); the (potential) infection loss for periphery and core agents follow exponential distributions with mean 1 and 5, respectively

Full size image

Similarly to Proposition 5.1, we have:

Proposition 5.2

The social planner will choose a larger fraction \(\gamma \) of core and periphery agents investing in security than the market equilibrium for any fixed costs \(C_H\) and \(C_L\).

The proof of proposition is provided in Appendix A.9.

Figure 2 varies the cost for core \(C_H\) and periphery \(C_L\) agents and plots the fraction of core agents who invest in security against the fraction of peripheral agents who invest. The game’s equilibrium decisions are symmetric for agents of the same type based on the loss function. As the cost for periphery agents increases, we note that their investment decreases and this decreases is most pronounced close to zero. This means, as soon as the cost becomes positive, the fraction of peripheral agents investing quickly decreases. For core agents, the slope at zero is much more pronounced. When the cost for both agents is low, both have large fractions investing in security. When the cost for peripheral is low and for core it is high, we see that peripheral agents invest even more. Essentially, because they anticipate underinvestment from the cores they protect themselves to the highest degree possible. Otherwise, the contagion risk from the highly connected cores is too high. It is the cores who are the free riders, and this is based on the implicit threat of the systemic risk they impose. When the cost is high for the peripherals and low for the cores, a high proportion of cores chooses to invest. Note that peripheral agents do not immediately become free riders even when their costs become high and all cores are invested. When the cost for peripheral agents is low and fixed, the fraction of cores investing in protection is not monotone in cost. This is because of the discontinuity of the fixed point solution as a function of initially self protected cores.

The above core-periphery example clearly shows that, in a general non-symmetric network, the security investment decisions of agents not only create positive externalities but are also strategic substitutes. This means that greater investment by one type of agent typically reduces the willingness for investment of other agents. Similarly, underinvestment by some agents will encourage over-investment by others.

In the case of introducing insurance to the model, as studied in e.g. [48], the combination of security investment and insurance raises the problem of moral hazard, in which agents covered by insurance may take fewer secure measures, or even falsify their loss.

6 Concluding remarks

In this paper, we propose a general framework for security investment in a directed network of interconnected agents subject to contagion risks and potential loss. We state various limit theorems and resilience conditions depending on network structure and agent security profile. We show how these results are sensitive to edge and vertex percolation. We study the asymptotic Nash equilibrium and socially optimal security investments in a random directed network with fixed degrees. Our results allow us to understand how the structure of networks affects the resilience of the network and impacts the decisions of different network players. We show how an agent’s decision on their security level might depend on the decision of other agents in the network. In particular, we quantify how agents who decide not to invest in security protection would put the other network participants at contagion risks.

When the agents’ costs vary, the impact of the security choice on the overall system is ambiguous. When peripheral agents anticipate investment by cores, they do not completely decrease investment even when their costs increase. In contrast, cores can quickly become free-riders when their costs increase and when they anticipate investment by the periphery agents (for example because those agents have low costs). There are also non-monotonicities in the investment choices of the cores as a function of their costs. Our results point to a strong effect of the cost heterogeneity across classes of agents.

The model can be extended along the following directions.

Consider a strategic attacker which, after observing the degree and security profile of agents, selects an attack decision \({\varvec{\alpha }}\), with

$$\begin{aligned} \alpha ^{(s)}(d^+,d^-) = p^{(s)}(d^+,d^-,0), \end{aligned}$$

that represents the fraction of agents which are attacked and thus act as initial seed of the contagion. His objective is to maximize his utility given by the expected infections minus the cost of the attack decision. The cost of an attack can be captured in a simple way, for example

$$\begin{aligned} \zeta ({\varvec{\alpha }})=\sum _{d^+,d^-}\sum _{s\in {\mathcal {S}}} \mu ^{(s)}(d^+,d^-)\zeta _s(\alpha ^{(s)}(d^+,d^-) ), \end{aligned}$$

where \(\zeta _s\) denotes the cost of initially infecting (attack) the fraction of individual with security \(s \in {\mathcal {S}}\). This can turn into a attacker-defender game, if individuals take into account the possibility of strategic attack.

The model could also be applied to the insurance industry, where security investments can represent fraud detection capabilities. This means that firms with better security have a greater risk-bearing capacity than those with lower security.

Another area of interest is the cyber-insurance market. One can investigate how the presence of competitive insurers can affect security adoption. One problem with the combination of insurance and self-protection is moral hazard, which occurs when the insurance provider cannot observe the protection level of each agent [48]. The reward for a user investing in security depends on the general level of security in the network, leading to the following feedback loop situation [40]: self-protection \(\longrightarrow \) state of the network \(\longrightarrow \) pricing of the premium \(\longrightarrow \) strategy of the agent \(\longrightarrow \) self-protection. Note that if insurance providers cannot observe the security levels of the agents, there may be agents who choose not to invest in self-protection if the insurance covers part of their losses. Hence, insurance might provide a negative incentive for self-protection.