Cybersecurity Investments with Nonlinear Budget Constraints: Analysis of the Marginal Expected Utilities
In this paper, we consider a recently introduced cybersecurity investment supply chain game theory model consisting of retailers and consumers at demand markets with the retailers being faced with nonlinear budget constraints on their cybersecurity investments. We construct a novel reformulation of the derived variational inequality formulation of the governing Nash equilibrium conditions. The reformulation then allows us to exploit and analyze the Lagrange multipliers associated with the bounds on the product transactions and the cybersecurity levels associated with the retailers to gain insights into the economic market forces. We provide an analysis of the marginal expected transaction utilities and of the marginal expected cybersecurity investment utilities. We then establish some stability results for the financial damages associated with a cyberattack faced by the retailers. The theoretical framework is subsequently applied to numerical examples to illustrate its applicability.
KeywordsCybersecurity Investments Supply chains Game theory Nash equilibrium Variational inequalities Lagrange multipliers Stability
MSC 2010:49K40 65K10 65K15 90C33 90C46.
The research of the first author was partially supported by Istituto Nazionale di Alta Matematica Francesco Severi (Progetto di Ricerca GNAMPA 2015: Nuove frontiere dei problemi di equlibrio su rete: dallo sviluppo sostenibile alla dinamica dei disastri ambientali ai crimini informatici). The research of the third author was supported, in part, by the National Science Foundation under Grant No. 1551444. This support is gratefully acknowledged.
- 5.P. Daniele, S. Giuffré, M. Lorino, A. Maugeri, C. Mirabella, Functional inequalities and analysis of contagion in the financial networks, in Handbook of Functional Equations. Springer Optimization and its Applications, vol. 95 (Springer, New York, 2014), pp. 129–146Google Scholar
- 9.L.A. Gordon, M.P. Loeb, M.P.W. Lucyshyn, L. Zhou, Externalities and the magnitude of cyber security underinvestment by private sector firms: a modification of the Gordon-Loeb model. J. Inf. Secur. 6, 24–30 (2015)Google Scholar
- 11.M.H. Manshaei, T. Alpcan, T. Basar, J.P. Hubaux, Game theory meets network security and privacy. ACM Comput. Surv. 45 (3), Article No. 25 (2013)Google Scholar
- 12.S. Morgan, Cybersecurity Market Reaches $75 Billon in 2015; Expected to Reach $170 Billion by 2020, Forbes, 20 December (2015)Google Scholar
- 16.A. Nagurney, L.S. Nagurney, S. Shukla, A supply chain game theory framework for cybersecurity investments under network vulnerability, in Computation, Cryptography, and Network Security, ed. by N.J. Daras, M.T. Rassias (Springer International Publishing, Switzerland, 2015), pp. 381–398CrossRefGoogle Scholar
- 19.R. Ostvold, B. Walker, Business Resilience in the Face of Cyber Risk https://www.accenture.com/t20150726T222401_w_/us-en/_acnmedia/Accenture/Conversion-Assets/DotCom/ Documents/Global/PDF/Strategy_7/Accenture-Business-Resilience-in-the-face-of-cyber-risk.pdf
- 20.N. Shetty, G. Schwartz, M. Felegehazy, J. Walrand, Competitive cyber-insurance and internet security, in Proceedings of the Eighth Workshop on the Economics of Information Security (WEIS 2009), University College London, England, 24–25 June (2009)Google Scholar
- 22.W. Yakowicz, in Companies Lose $400 Billion to Hackers Each Year. Inc., 8 September (2015)Google Scholar