Abstract
Security games are characterized by multiple players who strategically adjust their defenses against an abstract attacker, represented by realizations of nature. The defense strategies include both actions where security generates positive externalities and actions that do not. When the players are assumed to be risk averse, market insurance enters as a third strategic option. We formulate a one-shot security game with market insurance, characterize its pure equilibria, and describe how the equilibria compare to established results. Simplifying assumptions include homogeneous players, fair insurance premiums, and complete information except for realizations of nature. The results add more realism to the interpretation of analytical models of security games and might inform policy makers on adjusting incentives to improve network security and foster the development of a market for cyber-insurance.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Bandyopadhyay, T., Mookerjee, V., Rao, R.: Why IT managers don’t go for cyber-insurance products. Communications of the ACM 52(11), 68–73 (2009)
Böhme, R.: Cyber-insurance revisited. In: Workshop on the Economics of Information Security (WEIS), Cambridge, MA (2005)
Böhme, R.: Towards insurable network architectures. it - Information Technology 52(5), 290–293 (2010)
Böhme, R., Kataria, G.: Models and measures for correlation in cyber-insurance. In: Workshop on the Economics of Information Security (WEIS). University of Cambridge, UK (2006)
Böhme, R., Schwartz, G.: Modeling cyber-insurance: Towards a unifying framework. In: Workshop on the Economics of Information Security (WEIS). Harvard University, Cambridge (2010)
Ehrlich, I., Becker, G.S.: Market insurance, self-insurance, and self-protection. Journal of Political Economy 80(4), 623–648 (1972)
Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of the 2008 World Wide Web Conference (WWW 2008), Beijing, China, pp. 209–218 (April 2008)
Grossklags, J., Christin, N., Chuang, J.: Security and insurance management in networks with heterogeneous agents. In: Proceedings of the 9th ACM Conference on Electronic Commerce (EC 2008), Chicago, IL, pp. 160–169 (July 2008)
Grossklags, J., Radosavac, S., Cárdenas, A.A., Chuang, J.: Nudge: Intermediaries’ Role in Interdependent Network Security. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 323–336. Springer, Heidelberg (2010)
Grossklags, J.: Secure or Insure: An Economic Analysis of Security Interdependence and Investment Types. PhD thesis, University of California, Berkeley (2009)
Halek, M., Eisenhauer, J.: Demography of risk aversion. The Journal of Risk and Insurance 68(1), 1–24 (2001)
Hirshleifer, J.: From weakest-link to best-shot: The voluntary provision of public goods. Public Choice 41(3), 371–386 (1983)
Hofmann, A.: Internalizing externalities of loss prevention through insurance monopoly: An analysis of interdependent risks. Geneva Risk and Insurance Review 32(1), 91–111 (2007)
Holz, T., Engelberth, M., Freiling, F.: Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 1–18. Springer, Heidelberg (2009)
Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G., Paxson, V., Savage, S.: Spamalytics: An empirical analysis of spam marketing conversion. In: Proceedings of the Conference on Computer and Communications Security (CCS), Alexandria, VA (October 2008)
Kesan, J., Majuca, R., Yurcik, W.: The economic case for cyberinsurance. In: Proceedings of the Fourth Workshop on the Economics of Information Security (WEIS), Cambridge, MA (June 2005)
Kirstein, R.: Risk neutrality and strategic insurance. The Geneva Papers on Risk and Insurance 25, 251–261 (2000)
Ogut, H., Menon, N., Raghunathan, S.: Cyber insurance and IT security investment: Impact of interdependent risk. In: Fourth Workshop on the Economics of Information Security (WEIS), Cambridge, MA (June 2005)
Pratt, J.: Risk aversion in the small and in the large. Econometrica 32(1-2), 122–136 (1964)
Shetty, N., Schwartz, G., Felegyhazi, M., Walrand, J.: Competitive Cyber-Insurance and Internet Security. In: Workshop on Economics of Information Security 2009. University College London, England (2009)
Stone-Gross, B., Holz, T., Stringhini, G., Vigna, G.: The underground economy of spam: A botmaster’s perspective of coordinating large-scale spam campaigns. In: Proceedings of the 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), Boston, MA (March 2011)
Varian, H.: System reliability and free riding. In: Camp, J., Lewis, S. (eds.) Economics of Information Security. Advances in Information Security, vol. 12, pp. 1–15. Kluwer Academic Publishers, Dordrecht (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Johnson, B., Böhme, R., Grossklags, J. (2011). Security Games with Market Insurance. In: Baras, J.S., Katz, J., Altman, E. (eds) Decision and Game Theory for Security. GameSec 2011. Lecture Notes in Computer Science, vol 7037. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25280-8_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-25280-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25279-2
Online ISBN: 978-3-642-25280-8
eBook Packages: Computer ScienceComputer Science (R0)