Journal of Combinatorial Optimization

, Volume 38, Issue 4, pp 1263–1285 | Cite as

Information security decisions for two firms in a market with different types of customers

  • Xiaofei QianEmail author
  • Jun PeiEmail author
  • Xinbao LiuEmail author
  • Mi Zhou
  • Panos M. Pardalos


This paper investigates an information security game between two competitive firms in a market consisting of loyal customers and switchers. The switchers are classified into unaggressive switchers and aggressive switchers based on whether they always transact with the more secure firm. We find that the switcher type plays a significant role in affecting firms’ information security decisions. Firms can achieve pure strategy Nash equilibrium in the unaggressive case while no pure strategy Nash equilibrium exists in the aggressive case. Instead, a mixed strategy Nash equilibrium in the aggressive case is obtained. Our analyses show that firms will acquire more profits in the unaggressive case compared to that in the aggressive case when they determine their information security levels individually. Whereas, when they make their information security decisions jointly, the profits in the unaggressive case will be smaller than that in the aggressive case. Furthermore, we find that the loyal customer rate has different impacts on firms’ profits in Nash equilibrium and optimal solution for both the unaggressive case and the aggressive case. At last, two contracts are proposed to help firms coordinate their information security strategies when they make individual decisions.


Information security decision Game model Loyal customer Switcher Nash equilibrium Optimal solution Coordination contract 



This work is supported by the National Natural Science Foundation of China (No. 71801071), the Fundamental Research Funds for the Central Universities (JZ2018HGBZ0113, JZ2018HGTA0222), the National Natural Science Foundation of China (71922009, 71801035, 71231004, 71601065, 71690235, 71690230, 71501058), Innovative Research Groups of the National Natural Science Foundation of China (71521001), and the Science and Technology Project of Zhejiang Province (No. 2017C31069). Panos M. Pardalos is partially supported by the project of “Distinguished International Professor by the Chinese Ministry of Education” (MS2014HFGY026).


  1. Bandyopadhyay T, Jacob V, Raghunathan S (2010) Information security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest. Inf Technol Manag 11(1):7–23CrossRefGoogle Scholar
  2. Gal-Or E, Ghose A (2005) The economic incentives for sharing security information. Inf Syst Res 16(2):186–208CrossRefGoogle Scholar
  3. Gao X, Zhong W (2015) Information security investment for competitive firms with hacker behavior and security requirements. Ann Oper Res 235(1):277–300MathSciNetCrossRefGoogle Scholar
  4. Gao X, Zhong W (2016) Economic incentives in security information sharing: the effects of market structures. Inf Technol Manag 17(4):361–377CrossRefGoogle Scholar
  5. Gao X, Zhong W, Mei S (2013) A differential game approach to information security investment under hackers’ knowledge dissemination. Oper Res Lett 41:421–425MathSciNetCrossRefGoogle Scholar
  6. Gao X, Zhong W, Mei S (2014) A game-theoretic analysis of information sharing and security investment for complementary firms. J Oper Res Soc 65(11):1682–1691CrossRefGoogle Scholar
  7. Gao X, Zhong W, Mei S (2015) Security investment and information sharing under an alternative security breach probability function. Inf Syst Front 17(2):423–438CrossRefGoogle Scholar
  8. Gordon LA, Loeb MP (2002) The economics of information security investment. ACM Trans Inf Syst Secur 5(4):438–457CrossRefGoogle Scholar
  9. Hausken K (2006) Returns to information security investment: the effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability. Inf Syst Front 8(5):338–349CrossRefGoogle Scholar
  10. Hausken K (2007) Information sharing among firms and cyber attacks. J Account Public Policy 26(6):639–688CrossRefGoogle Scholar
  11. Huang CD, Behara RS (2013) Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints. Int J Prod Econ 141(1):255–268CrossRefGoogle Scholar
  12. Huang CD, Hu Q, Behara RS (2008) An economic analysis of the optimal information security investment in the case of a risk-averse firm. Int J Prod Econ 114(2):793–804CrossRefGoogle Scholar
  13. Hyken S (2015) Six types of loyal customers by Shep Hyken. Accessed 12 Jan 2019
  14. Jiang W (2018) Huazhu Hotels Group investigates alleged info leak. Accessed 12 Jan 2019
  15. Jing B, Wen Z (2008) Finitely loyal customers, switchers, and equilibrium price promotion. J Econ Manag Strategy 17(3):683–707MathSciNetCrossRefGoogle Scholar
  16. Keylor B (2018) Under Armour data breach impacts 150 million MyFitnessPal accounts. Accessed 12 Jan 2019
  17. Liu D, Ji Y, Mookerjee V (2011) Knowledge sharing and investment decisions in information security. Decis Support Syst 52(1):95–107CrossRefGoogle Scholar
  18. Liu X, Qian X, Pei J, Pardalos PM (2018) Security investment and information sharing in the market of complementary firms: impact of complementarity degree and industry size. J Glob Optim 70(2):413–436MathSciNetCrossRefGoogle Scholar
  19. Lye KW, Wing JM (2005) Game strategies in network security. Int J Inf Secur 4(1–2):71–86CrossRefGoogle Scholar
  20. Marte J (2014) Are data breaches creating smarter consumers? Accessed 12 Jan 2019
  21. Qian X, Liu X, Pei J, Pardalos PM, Liu L (2017) A game-theoretic analysis of information security investment for multiple firms in a network. J Oper Res Soc 68(10):1290–1305CrossRefGoogle Scholar
  22. Qian X, Liu X, Pei J, Pardalos PM (2018) A new game of information sharing and security investment between two allied firms. Int J Prod Res 56(12):4069–4086CrossRefGoogle Scholar
  23. Srinidhi B, Yan J, Tayi GK (2015) Allocation of resources to cyber-security: the effect of misalignment of interest between managers and investors. Decis Support Syst 75:49–62CrossRefGoogle Scholar
  24. Wu Y, Feng G, Wang N, Liang H (2015) Game of information security investment: impact of attack types and network vulnerability. Expert Syst Appl 42(15–16):6132–6146CrossRefGoogle Scholar
  25. Wu Y, Fung RY, Feng G, Wang N (2017) Decisions making in information security outsourcing: impact of complementary and substitutable firms. Comput Ind Eng 110:1–12CrossRefGoogle Scholar
  26. Wu Y, Feng G, Fung RY (2018) Comparison of information security decisions under different security and business environments. J Oper Res Soc 69(5):747–761CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.School of ManagementHefei University of TechnologyHefeiChina
  2. 2.Department of Industrial and Systems Engineering, Center for Applied OptimizationUniversity of FloridaGainesvilleUSA
  3. 3.Key Laboratory of Process Optimization and Intelligent Decision-Making of Ministry of EducationHefeiChina

Personalised recommendations