ABSTRACT
Information security economics, an emerging and thriving research topic, attempts to address the problems of distorted incentives for stakeholders in an Internet environment, including firms, hackers, the public sector, and other participants, using economic approaches. To alleviate consumer anxiety about the loss of sensitive information, and to further increase consumer demand, firms usually integrate their information security investment strategies to capture market share from competitors and their security information sharing strategies to increase consumer demand across all member firms in industry-based information sharing centers. Using differential game theory, this article investigates dynamic strategies for security investment and information sharing for two competing firms under targeted attacks, in which both firms can influence the value of their information assets through the endogenous determination of pricing rates. We analytically and numerically examine how both security investment rates and information sharing rates are affected by several key parameters in a non-cooperative scenario, including the efficiency of security investment rates, sensitivity parameters for pricing rates, coefficients of consumer demand losses, and the density of targeted attacks. Our results reveal that, confronted with a higher coefficient of consumer demand loss and a higher density of targeted attacks, both firms are reluctant to aggressively defend against hackers and would rather decrease the negative effect of hacker attacks by lowering their pricing rates. Also, we derive feedback equilibrium solutions for the situation where both firms cooperate in security investment, information sharing, or both. It is revealed that although a higher hacker attack density always decreases a firm's integral profits, both firms are not always willing to cooperate in security investment and information sharing. Specifically, the superior firm benefits most when both firms fully cooperate and benefits the least when they behave fully non-cooperatively. However, the inferior firm enjoys the highest integral profit when both firms only cooperate in information sharing and the lowest integral profit in the completely cooperative situation.
Acknowledgements
The authors thank the editorial board and the anonymous referees for their valuable suggestions that helped to substantially improve the quality and presentation of this article.
Funding
This study was supported by the National Natural Science Foundation of China (grant no. 71501041, grant no. 71371050).
Additional information
Notes on contributors
Xing Gao
Xing Gao is a Lecturer at the Southeast University in China. His research interest is information systems economics. He has published research articles in journals such as Decision Analysis, Journal of the Operational Research Society, and Information Systems Frontiers.
Weijun Zhong
Weijun Zhong is a Professor at the Southeast University in China. His current research interests include information security economics, management information systems, and management of technology and innovation. He has published research articles in various academic journals including Journal of Management Information Systems, Technological Forecasting and Social Change, Marketing Letters, and Operations Research Letters.