Optimal investment strategy for cyber security management of small and medium-sized enterprises based on the heterogeneous perspective

被引：0

作者：

Wang R. ^{[1
]}

Xu H. ^{[1
]}

Wang Z. ^{[2
]}

Xu X. ^{[2
]}

机构：

[1] School of Finance, Hunan University of Technology and Business, Changsha

[2] School of Economics, Beijing Technology and Business University, Beijing

来源：

Xitong Gongcheng Lilun yu Shijian/System Engineering Theory and Practice | 2023年 / 43卷 / 02期

关键词：

cooperation; cyber security insurance; heterogeneity; non-cooperation; security investment; small and medium-sized enterprises;

D O I：

10.12011/SETP2022-1001

中图分类号：

学科分类号：

摘要：

The rapid development of information technology has brought complex and diverse network security problems. Now, more and more small and medium-sized enterprises, who have weak security foundation, begin to try a new security investment model combining risk management services and cyber security insurance. However, either over-investment or under-investment could result in losses of efficiency in cyber security risk management, and even unacceptable insecurity. Therefore, this paper discusses the small and medium-sized enterprises’ local optimal solutions and global optimal solutions to their multi-player games from the perspective of heterogeneity, and tries to optimize their decision-making model in cyber security investment. On one hand, the result shows that there exists optimal solution for the risk-averse enterprises to achieve optimal and stable equilibrium under non-cooperation circumstance. On the other hand, under cooperation circumstance, although the overall utility of the market would increase, each single enterprise has the motivation to break the equilibrium of cooperation because of the prisoner’s dilemma. There exists no stable equilibrium. Further, this paper studies the effects of insurance deductible and cyber security expense on the wealth utilities of uncooperative enterprises when taking the additional premium into consideration. It is proved that a reasonable level of insurance deductible could increase the enterprises’ wealth utilities. © 2023 Systems Engineering Society of China. All rights reserved.

引用

页码：398 / 420

页数：22

共 40 条

[11] Marotta A, Martinelli F, Nanni S, Et al., Cyber-insurance survey[J], Computer Science Review, 24, pp. 35-61, (2017)
[12] Gao L, Lu W H., The establishment of China’s insurance system of network information security[J], Insurance Studies, 7, pp. 86-91, (2011)
[13] Kunreuther H, Heal G., Interdependent security[J], Journal of risk and uncertainty, 26, 2, pp. 231-249, (2003)
[14] Lelarge M, Bolot J., A local mean field analysis of security investments in networks[C], Proceedings of the 3rd International Workshop on Economics of Networked Systems, pp. 25-30, (2008)
[15] Vakilinia I, Sengupta S., A coalitional cyber-insurance framework for a common platform[J], IEEE Transactions on Information Forensics and Security, 14, 6, pp. 1526-1538, (2018)
[16] Shetty N, Schwartz G, Felegyhazi M, Et al., Competitive cyber-insurance and internet security[M], Economics of Information Security and Privacy, pp. 229-247, (2010)
[17] Dong K X, Xie Z X, Zhen J, Et al., Optimal decision analysis of insurance company investment information security software under dependent risk[J], Insurance Studies, 6, pp. 66-80, (2019)
[18] Wang X L, Wang Y., Strategic analysis of cyber security risk insurance: Based on the research structure of cyber insurance life process[J], Journal of Intelligence, 36, 11, pp. 34-40, (2017)
[19] Yang Z, Lui J C S., Security adoption and influence of cyber-insurance markets in heterogeneous networks[J], Performance Evaluation, 74, pp. 1-17, (2014)
[20] Pal R, Golubchik L, Psounis K, Et al., Will cyber-insurance improve network security? A market analysis[C], IEEE Conference on Computer Communications, pp. 235-243, (2014)

← 1 2 3 4 →