
Information security decisions for two firms in a market with different types of customers. (English) Zbl 1507.91088

Summary: This paper investigates an information security game between two competitive firms in a market consisting of loyal customers and switchers. The switchers are classified into unaggressive switchers and aggressive switchers based on whether they always transact with the more secure firm. We find that the switcher type plays a significant role in affecting firms’ information security decisions. Firms can achieve a pure strategy Nash equilibrium in the unaggressive case, while no pure strategy Nash equilibrium exists in the aggressive case. Instead, a mixed strategy Nash equilibrium is obtained in the aggressive case. Our analyses show that firms will earn higher profits in the unaggressive case than in the aggressive case when they determine their information security levels individually, whereas when they make their information security decisions jointly, the profits in the unaggressive case will be smaller than those in the aggressive case. Furthermore, we find that the loyal customer rate has different impacts on firms’ profits in the Nash equilibrium and in the optimal solution for both the unaggressive case and the aggressive case. Finally, two contracts are proposed to help firms coordinate their information security strategies when they make individual decisions.

MSC:

91B24 Microeconomic theory (price theory and economic markets)
91B06 Decision theory
91A28 Signaling and communication in game theory
