Security Games with Market Insurance
Security games are characterized by multiple players who strategically adjust their defenses against an abstract attacker, represented by realizations of nature. The defense strategies include both actions where security generates positive externalities and actions that do not. When the players are assumed to be risk averse, market insurance enters as a third strategic option. We formulate a one-shot security game with market insurance, characterize its pure equilibria, and describe how the equilibria compare to established results. Simplifying assumptions include homogeneous players, fair insurance premiums, and complete information except for realizations of nature. The results add more realism to the interpretation of analytical models of security games and might inform policy makers on adjusting incentives to improve network security and foster the development of a market for cyber-insurance.
KeywordsGame theory Security Externalities Protection Self-insurance Market insurance
Unable to display preview. Download preview PDF.
- 2.Böhme, R.: Cyber-insurance revisited. In: Workshop on the Economics of Information Security (WEIS), Cambridge, MA (2005)Google Scholar
- 4.Böhme, R., Kataria, G.: Models and measures for correlation in cyber-insurance. In: Workshop on the Economics of Information Security (WEIS). University of Cambridge, UK (2006)Google Scholar
- 5.Böhme, R., Schwartz, G.: Modeling cyber-insurance: Towards a unifying framework. In: Workshop on the Economics of Information Security (WEIS). Harvard University, Cambridge (2010)Google Scholar
- 7.Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of the 2008 World Wide Web Conference (WWW 2008), Beijing, China, pp. 209–218 (April 2008)Google Scholar
- 8.Grossklags, J., Christin, N., Chuang, J.: Security and insurance management in networks with heterogeneous agents. In: Proceedings of the 9th ACM Conference on Electronic Commerce (EC 2008), Chicago, IL, pp. 160–169 (July 2008)Google Scholar
- 10.Grossklags, J.: Secure or Insure: An Economic Analysis of Security Interdependence and Investment Types. PhD thesis, University of California, Berkeley (2009)Google Scholar
- 15.Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G., Paxson, V., Savage, S.: Spamalytics: An empirical analysis of spam marketing conversion. In: Proceedings of the Conference on Computer and Communications Security (CCS), Alexandria, VA (October 2008)Google Scholar
- 16.Kesan, J., Majuca, R., Yurcik, W.: The economic case for cyberinsurance. In: Proceedings of the Fourth Workshop on the Economics of Information Security (WEIS), Cambridge, MA (June 2005)Google Scholar
- 18.Ogut, H., Menon, N., Raghunathan, S.: Cyber insurance and IT security investment: Impact of interdependent risk. In: Fourth Workshop on the Economics of Information Security (WEIS), Cambridge, MA (June 2005)Google Scholar
- 20.Shetty, N., Schwartz, G., Felegyhazi, M., Walrand, J.: Competitive Cyber-Insurance and Internet Security. In: Workshop on Economics of Information Security 2009. University College London, England (2009)Google Scholar
- 21.Stone-Gross, B., Holz, T., Stringhini, G., Vigna, G.: The underground economy of spam: A botmaster’s perspective of coordinating large-scale spam campaigns. In: Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), Boston, MA (March 2011)Google Scholar