Abstract
In this paper, we develop a game theory model consisting of sellers and buyers with sellers competing non-cooperatively in order to maximize their expected profits by determining their optimal product transactions as well as cybersecurity investments. The buyers reflect their preferences through the demand price functions, which depend on the product demands and on the average level of security in the marketplace. We demonstrate that the governing equilibrium conditions of this model with security information asymmetry can be formulated as a variational inequality problem. We provide qualitative properties and propose an algorithmic scheme that is easy to implement. Three sets of numerical examples are presented which reveal the impacts of the addition of buyers and sellers and a variety of changes in demand price and investment cost functions on the equilibrium product transaction and security level patterns.
Similar content being viewed by others
References
Akerlof, G.A. (1970). The market for lemons: Quality uncertainty and the market mechanism. Quarterly Journal of Economics, 84(3), 488–500.
Alter, D. (2014). Security investent more important than ever after latest data breaches. Money morning, September 8.
Anderson, R., & Moore, T. (2006). Science, 314(5799), 610–613.
Cavasoglu, H., Raghunathan, S., & Yue, W.T. (2008). Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems, 25(2), 281–304.
Center for Strategic and International Studies (2014). Net losses: Estimating the global cost of cybercrime. Santa Clara, California.
Cournot, A.A. (1838). Researches into the mathematical principles of the theory of wealth, English translation. London, England: MacMillan.
Dafermos, S., & Nagurney, A. (1987). Oligopolistic and competitive behavior of spatially separated markets. Regional Science and Urban Economics, 17, 245–254.
Dupuis, P., & Nagurney, A. (1993). Dynamical systems and variational inequalities. Annals of Operations Research, 44, 9–42.
Gabay, D., & Moulin, H. (1980). On the uniqueness and stability of Nash equilibria in noncooperative games. In Bensoussan, A., Kleindorfer, P., & Tapiero, C.S. (Eds.) Applied stochastic control of econometrics and management science (pp. 271–294). Amsterdam.
Gartner. (2013). “Gartner reveals top 10 security myths”: by Ellen Messmer, NetworkWorld.
Gordon, L.A., & Loeb, M.P. (2002). The economics of information security investment. ACM Transactions on Information and System Security, 4, 438–457.
Hausken, K. (2006). Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability. Information Systems Frontiers, 8(5), 338–349.
Kirk, J. (2014). Target contractor says it was victim of cyberattack. PC World, February 6.
Kunreuther, H., & Heal, G. (2003). Interdependent security. The Journal of Risk and Uncertainty, 26(2/3), 231–249.
Manshei, M.H., Alpcan, T., Basar, T., & Hubaux, J.-P. (2013). Game theory meets networks security and privacy. ACM Computing Surveys, 45(3), 25:1-25:34.
Market Research (2013). United States Information Technology report Q2 2012, April 24.
Matsuura, K. (2008). Productivity space of information security in an extension of the Gordon-Loeb’s investment model. In Proceedings of the seventh workshop on the economics of information security (WEIS2008), Tuck School of Business, Dartmouth College. New Hampshire.
Nagurney, A. (1999). Network economics: A variational inequality approach, second and revised edition. Boston: Kluwer.
Nagurney, A. (2015). A multiproduct network economic model of cybercrime in financial services. Service Science, 7(1), 70–81.
Nagurney, A., & Li, D. (2014). Equilibria and dynamics of supply chain network competition with information asymmetry in quality and minimum quality standards. Computational Management Science, 11(3), 285–315.
Nagurney, A., Li, D., Wolf, T., & Saberi, S. (2013). A network economic game theory model of a service-oriented internet with choices and quality competition. Netnomics, 14(1-2), 1–25.
Nagurney, A., & Yu, M. (2012). Sustainable fashion supply chain management under oligopolistic competition and brand differentiation. International Journal of Production Economics, 135, 532–540.
Nagurney, A., Yu, M., & Qiang, Q. (2011). Supply chain network design for critical needs with outsourcing. Papers in Regional Science, 90, 123–142.
Nagurney, A., & Zhang, D. (1996). Projected dynamical systems and variational inequalities with applications. Boston: Kluwer.
Nash, J.F. (1950). Equilibrium points in n-person games. In Proceedings of the National Academy of Sciences, USA, (Vol. 36 pp. 48–49).
Nash, J.F. (1951). Noncooperative games. Annals of Mathematics, 54, 286–298.
Ponemon Institute (2013). Second annual cost of cyber crime study: Benchmark study of U.S. companies.
PriceWaterhouseCoopers (2014). Global economic crime survey.
Shetty, N.G. (2010). Design of network architectures: Role of game theory and economics. PhD dissertation, technical report no. UCB/EECS-2010-91, Electrical Engineering and Computer Sciences. Berkeley: University of California.
Shetty, N., Schwartz, G., Felegehazy, M., & Walrand, J. (2009). Competitive cyber-insurance and Internet security. In Proceedings of the Eighth Workshop on the Economics of Information Security (WEIS 2009). London, June 24-25: University College.
Tatsumi, K., & Goto, M. (2009). Optimal timing of information security investment: A real options approach. London, June 24–25: University College.
Varian, H.R. (2004). System reliability and free riding. In Camp, L.J., & Lewis, S. (Eds.) Economics of information security (pp. 1–15). Boston: Kluwer.
Zhang, D., & Nagurney, A. (1995). On the stability of projected dynamical systems. Journal of Optimization Theory and its Applications, 85, 97–124.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Nagurney, A., Nagurney, L.S. A game theory model of cybersecurity investments with information asymmetry. Netnomics 16, 127–148 (2015). https://doi.org/10.1007/s11066-015-9094-7
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11066-015-9094-7