References
- Allen, T., Hernandez, O., & Alomair, A. (2020). Optimal off-line experimentation for games. Decision Analysis. Advance Online Publication, https://doi.org/https://doi.org/10.1287/deca.2020.0412
- Anderson, R. (2001). Why information security is hard: An economic perspective. Proceedings of the 17th Annual Computer Security Applications Conference, 358–365. https://doi.org/https://doi.org/10.1109/ACSAC.2001.991552
- Andoh-Baidoo, F. K., & Osei-Bryson, K.-M. (2007). Exploring the characteristics of Internet security breaches that impact the market value of breached firms. Expert Systems with Applications, 32(3), 703–725. https://doi.org/https://doi.org/10.1016/j.eswa.2006.01.020
- Arthur, C. (2011). Sony suffers second data breach with theft of 25m more user details. https://www.guardian.com/technology/blog/2011/may/03/
- Cavusoglu, H., Raghunathan, S., & Yue, W. T. (2008). Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems, 25(2), 281–304. https://doi.org/https://doi.org/10.2753/MIS0742-1222250211
- Cezar, A., Cavusoglu, H., & Raghunathan, S. (2017). Sourcing information security operations: The role of risk interdependency and competitive externality in outsourcing decisions. Production and Operations Management, 26(5), 860–879. https://doi.org/https://doi.org/10.1111/poms.12681
- Farahmand, F., Navathe, S. B., Sharp, G. P., & Enslow, P. H. (2004). Evaluating damages caused by information systems security incidents. In: L. J. Camp & S. Lewis (Eds.), Economics of information security. Vol 12. Advances in information security (pp. 85–94). Springer. https://doi.org/https://doi.org/10.1007/1-4020-8090-5_7
- Gao, X., & Zhong, W. (2015). Information security investment for competitive firms with hacker behavior and security requirements. Annals of Operations Research, 235(1), 277–300. https://doi.org/https://doi.org/10.1007/s10479-015-1925-2
- Gao, X., & Zhong, W. (2016). A differential game approach to security investment and information sharing in a competitive environment. IIE Transactions, 48(6), 511–526. https://doi.org/https://doi.org/10.1080/0740817X.2015.1125044
- Gao, X., Zhong, W., & Mei, S. (2013). Information security investment when hackers disseminate knowledge. Decision Analysis, 10(4), 352–368. https://doi.org/https://doi.org/10.1287/deca.2013.0278
- Gao, X., Zhong, W., & Mei, S. (2014). A game-theoretic analysis of information sharing and security investment for complementary firms. Journal of the Operational Research Society, 65(11), 1682–1691. https://doi.org/https://doi.org/10.1057/jors.2013.133
- Garcia, P. (2019). Why do hackers hack? – 3 Reasons explained. https://blog.sucuri.net/2019/06/why-do-hackers-hack-3-reasons-explained.html
- Ghose, A., & Gal-Or, E. (2005). The economic incentives for sharing security information. Information Systems Research, 16(2), 186–208. https://doi.org/https://doi.org/10.1287/isre.1050.0053
- Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security, 5(4), 438–457. https://doi.org/https://doi.org/10.1145/581271.581274
- Hausken, K. (2007). Information sharing among firms and cyber attacks. Journal of Accounting and Public Policy, 26(6), 639–688. https://doi.org/https://doi.org/10.1016/j.jaccpubpol.2007.10.001
- Lee, C. H., Geng, X., & Raghunathan, S. (2013). Contracting information security in the presence of double moral hazard. Information Systems Research, 24(2), 295–311. https://doi.org/https://doi.org/10.1287/isre.1120.0447
- Lee, C. H., Geng, X., & Raghunathan, S. (2016). Mandatory standards and organizational information security. Information Systems Research, 27(1), 70–86. https://doi.org/https://doi.org/10.1287/isre.2015.0607
- Liu, W., Tanaka, H., & Matsuura, K. (2007). Empirical-analysis methodology for information-security investment and its application to reliable survey of Japanese Firms. IPSJ Digital Courier, 3, 585–599. https://doi.org/https://doi.org/10.2197/ipsjdc.3.585
- MarketsandMarkets. (2018). Managed Security services market - Global forecast to 2023. Poneomon Institute.
- Peng, R., Wu, D., Sun, M., & Wu, S. (2020). An attack-defense game on interdependent networks. Journal of the Operational Research Society. https://doi.org/https://doi.org/10.1080/01605682.2020.1784048
- Png, I. P. L., Wang, C. Y., & Wang, Q.-H. (2008). The deterrent and displacement effects of information security enforcement: International evidence. Journal of Management Information Systems, 25(2), 125–144. https://doi.org/https://doi.org/10.2753/MIS0742-1222250206
- Png, I. P. L., & Wang, Q. H. (2009). Information security: Facilitating user precautions vis-à-vis enforcement against attackers. Journal of Management Information Systems, 26(2), 97–121. https://doi.org/https://doi.org/10.2753/MIS0742-1222260205
- Ponemon. (2019). Cost of a data breach report 2019. Poneomon Institute.
- Qian, X., Liu, X., Pei, J., Pardalos, P. M., & Liu, L. (2017). A game-theoretic analysis of information security investment for multiple firms in a network. Journal of the Operational Research Society, 68(10), 1290–1305. https://doi.org/https://doi.org/10.1057/s41274-016-0134-y
- Qian, X., Pei, J., Liu, X., Zhou, M., & Pardalos, P. (2019). Information security decisions for two firms in a market with different types of customers. Journal of Combinatorial Optimization, 38(4), 1263–1285. https://doi.org/https://doi.org/10.1007/s10878-019-00446-6
- Selten, R., & Chmura, T. (2008). Stationary concepts for experimental 2x2-games. American Economic Review, 98(3), 938–966. https://doi.org/https://doi.org/10.1257/aer.98.3.938
- Tanaka, H., Matsuura, K., & Sudoh, O. (2005). Vulnerability and information security investment: An empirical analysis of e-local government in Japan. Journal of Accounting and Public Policy, 24(1), 37–59. https://doi.org/https://doi.org/10.1016/j.jaccpubpol.2004.12.003
- Tversky, A., & Kahneman, D. (1992). Advances in prospect theory: Cumulative representation of uncertainty. Journal of Risk and Uncertainty, 5(4), 297–323. https://doi.org/https://doi.org/10.1007/BF00122574
- Vijayan, J. (2008). Changes to PCI standard not expected to up ante on protecting payment card data. http://www.computerworld.com/s/article/9113104/
- Wu, D., Yan, X., Peng, R., & Wu, S. (2020). Optimal defence-attack strategies between one defender and two attackers. Journal of the Operational Research Society, 71(11), 1830–1846. https://doi.org/https://doi.org/10.1080/01605682.2019.1630332
- Wu, Y., Duan, J., Dai, T., & Cheng, D. (2020). Managing security outsourcing in the presence of strategic hackers. Decision Analysis, 17(3), 235–259. https://doi.org/https://doi.org/10.1287/deca.2019.0406
- Wu, Y., Feng, G., & Fung, R. Y. K. (2018). Comparison of information security decisions under different security and business environments. Journal of the Operational Research Society, 69(5), 747–761. https://doi.org/https://doi.org/10.1057/s41274-017-0263-y
- Wu, Y., Feng, G., Wang, N., & Liang, H. (2015). Game of information security investment: Impact of attack types and network vulnerability. Expert Systems with Applications, 42(15–16), 6132–6146. https://doi.org/https://doi.org/10.1016/j.eswa.2015.03.033
- Wu, Y., Fung, R. Y. K., Feng, G., & Wang, N. (2017). Decisions making in information security outsourcing: Impact of complementary and substitutable firms. Computers & Industrial Engineering, 110, 1–12. https://doi.org/https://doi.org/10.1016/j.cie.2017.05.018
- Zhao, X., Xue, L., & Whinston, A. B. (2013). Managing interdependent information security risks: Cyberinsurance, managed security services, and risk pooling arrangements. Journal of Management Information Systems, 30(1), 123–152. https://doi.org/https://doi.org/10.2753/MIS0742-1222300104