Security and Insurance Management in Networks with Heterogeneous Agents
We argue that users often underestimate the strong mutual dependence between their security strategies and the economic environment (e.g., threat model) in which these choices are made and evaluated. This misunderstanding weakens the effectiveness of users' security investments, and is compounded by heterogeneity within the user population, in some cases further reducing incentives for cooperation and coordination.
We study how economic agents invest into security in five different economic environments, that are characteristic of different threat models. We consider generalized models of traditional public goods games (e.g., total effort and weakest link) and two recently proposed games (e.g., weakest target game). Agents may split their contributions between a public good (protection) and a private good (self-insurance).
Our analysis centers on how agents respond to incentives when important parameters of the game (i.e., loss probability, loss magnitude, and cost of technology) are heterogeneous in the agent population. We also highlight key differences to the case of homogeneous decision makers. For example, security investments may become substantially more sensitive to the size of the network. We extend our results to discuss important modes of intervention.