Security and insurance management in networks with heterogeneous agents

Jens Grossklags, Nicolas Christin, John Chuang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

21 Citations (Scopus)

Abstract

Computer users express a strong desire to prevent attacks and to reduce the losses from computer and information security breaches. However, security compromises are common and widespread and highly damaging. Next to attackers' increased sophistication, a root cause for the harm inflicted is that users often fail to optimally protect their resources or to recover gracefully from a security breach. We argue that users often underestimate the strong mutual dependence between their security strategies and the economic environment (e.g., threat model) in which these choices are made and evaluated. This misunderstanding weakens the effectiveness of users' security investments, and is compounded by heterogeneity within the user population, in some cases further reducing incentives for cooperation and coordination. We study how economic agents invest into security in five different economic environments, that are characteristic of different threat models. We consider generalized models of traditional public goods games (e.g., total effort and weakest link) and two recently proposed games (e.g., weakest target game). Agents may split their contributions between a public good (protection) and a private good (self-insurance). Our analysis centers on how agents respond to incentives when important parameters of the game (i.e., loss probability, loss magnitude, and cost of technology) are heterogeneous in the agent population. We also highlight key differences to the case of homogeneous decision makers. For example, security investments may become substantially more sensitive to the size of the network. We extend our results to discuss important modes of intervention.

Original language: English (US)
Title of host publication: EC'08 - Proceedings of the 2008 ACM Conference on Electronic Commerce
Pages: 160-169
Number of pages: 10
DOIs: https://doi.org/10.1145/1386790.1386818
State: Published - Dec 1 2008
Event: 2008 ACM Conference on Electronic Commerce, EC'08 - Chicago, IL, United States
Duration: Jul 8 2008 → Jul 12 2008

Publication series

Name: Proceedings of the ACM Conference on Electronic Commerce

Other

Other: 2008 ACM Conference on Electronic Commerce, EC'08
Country: United States
City: Chicago, IL
Period: 7/8/08 → 7/12/08

Fingerprint

Insurance
Security of data
Economics
Costs

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Science Applications
  • Computer Networks and Communications

Cite this

Grossklags, J., Christin, N., & Chuang, J. (2008). Security and insurance management in networks with heterogeneous agents. In EC'08 - Proceedings of the 2008 ACM Conference on Electronic Commerce (pp. 160-169). (Proceedings of the ACM Conference on Electronic Commerce). https://doi.org/10.1145/1386790.1386818
Grossklags, Jens ; Christin, Nicolas ; Chuang, John. / Security and insurance management in networks with heterogeneous agents. EC'08 - Proceedings of the 2008 ACM Conference on Electronic Commerce. 2008. pp. 160-169 (Proceedings of the ACM Conference on Electronic Commerce).
@inproceedings{88cbf65dec6747d8b390c771fba67e3e,
title = "Security and insurance management in networks with heterogeneous agents",
abstract = "Computer users express a strong desire to prevent attacks and to reduce the losses from computer and information security breaches. However, security compromises are common and widespread and highly damaging. Next to attackers' increased sophistication, a root cause for the harm inflicted is that users often fail to optimally protect their resources or to recover gracefully from a security breach. We argue that users often underestimate the strong mutual dependence between their security strategies and the economic environment (e.g., threat model) in which these choices are made and evaluated. This misunderstanding weakens the effectiveness of users' security investments, and is compounded by heterogeneity within the user population, in some cases further reducing incentives for cooperation and coordination. We study how economic agents invest into security in five different economic environments, that are characteristic of different threat models. We consider generalized models of traditional public goods games (e.g., total effort and weakest link) and two recently proposed games (e.g., weakest target game). Agents may split their contributions between a public good (protection) and a private good (self-insurance). Our analysis centers on how agents respond to incentives when important parameters of the game (i.e., loss probability, loss magnitude, and cost of technology) are heterogeneous in the agent population. We also highlight key differences to the case of homogeneous decision makers. For example, security investments may become substantially more sensitive to the size of the network. We extend our results to discuss important modes of intervention.",
author = "Jens Grossklags and Nicolas Christin and John Chuang",
year = "2008",
month = "12",
day = "1",
doi = "10.1145/1386790.1386818",
language = "English (US)",
isbn = "9781605581699",
series = "Proceedings of the ACM Conference on Electronic Commerce",
pages = "160--169",
booktitle = "EC'08 - Proceedings of the 2008 ACM Conference on Electronic Commerce",

}

Grossklags, J, Christin, N & Chuang, J 2008, Security and insurance management in networks with heterogeneous agents. in EC'08 - Proceedings of the 2008 ACM Conference on Electronic Commerce. Proceedings of the ACM Conference on Electronic Commerce, pp. 160-169, 2008 ACM Conference on Electronic Commerce, EC'08, Chicago, IL, United States, 7/8/08. https://doi.org/10.1145/1386790.1386818

Security and insurance management in networks with heterogeneous agents. / Grossklags, Jens; Christin, Nicolas; Chuang, John.

EC'08 - Proceedings of the 2008 ACM Conference on Electronic Commerce. 2008. p. 160-169 (Proceedings of the ACM Conference on Electronic Commerce).

TY - GEN

T1 - Security and insurance management in networks with heterogeneous agents

AU - Grossklags, Jens

AU - Christin, Nicolas

AU - Chuang, John

PY - 2008/12/1

Y1 - 2008/12/1

N2 - Computer users express a strong desire to prevent attacks and to reduce the losses from computer and information security breaches. However, security compromises are common and widespread and highly damaging. Next to attackers' increased sophistication, a root cause for the harm inflicted is that users often fail to optimally protect their resources or to recover gracefully from a security breach. We argue that users often underestimate the strong mutual dependence between their security strategies and the economic environment (e.g., threat model) in which these choices are made and evaluated. This misunderstanding weakens the effectiveness of users' security investments, and is compounded by heterogeneity within the user population, in some cases further reducing incentives for cooperation and coordination. We study how economic agents invest into security in five different economic environments, that are characteristic of different threat models. We consider generalized models of traditional public goods games (e.g., total effort and weakest link) and two recently proposed games (e.g., weakest target game). Agents may split their contributions between a public good (protection) and a private good (self-insurance). Our analysis centers on how agents respond to incentives when important parameters of the game (i.e., loss probability, loss magnitude, and cost of technology) are heterogeneous in the agent population. We also highlight key differences to the case of homogeneous decision makers. For example, security investments may become substantially more sensitive to the size of the network. We extend our results to discuss important modes of intervention.

UR - http://www.scopus.com/inward/record.url?scp=67249156597&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=67249156597&partnerID=8YFLogxK

U2 - 10.1145/1386790.1386818

DO - 10.1145/1386790.1386818

M3 - Conference contribution

AN - SCOPUS:67249156597

SN - 9781605581699

T3 - Proceedings of the ACM Conference on Electronic Commerce

SP - 160

EP - 169

BT - EC'08 - Proceedings of the 2008 ACM Conference on Electronic Commerce

ER -

Grossklags J, Christin N, Chuang J. Security and insurance management in networks with heterogeneous agents. In EC'08 - Proceedings of the 2008 ACM Conference on Electronic Commerce. 2008. p. 160-169. (Proceedings of the ACM Conference on Electronic Commerce). https://doi.org/10.1145/1386790.1386818