Geoffrey Heal Graduate School of Business Columbia University Howard Kunreuther Center for Risk Management.

Presentation transcript:

Geoffrey Heal, Graduate School of Business, Columbia University
Howard Kunreuther, Center for Risk Management and Decision Processes, The Wharton School, University of Pennsylvania
You Can Only Die Once: Interdependent Security in an Uncertain World

Types of Problems
- Making computer systems more secure against terrorist attacks
- Investing in airline security
- Protecting against chemical and nuclear accidents
- Making buildings more secure against attacks
- Investing in sprinklers to reduce the chances of apartment fires
- Avoiding divisional gambles that could bring entire firm into bankruptcy:
  - Nick Leeson, Singapore futures market, and collapse of Barings
  - Arthur Andersen brought into bankruptcy by Houston branch

Characteristics of the Problem
- Non-Additive Damages (You can only die once)
  - E.g., theft of proprietary data, destruction of data
  - Not minor hassles due to disinfecting from viruses
- Risk Faced by One Person Depends on Actions Taken by Others (Negative stochastic externalities)
  - E.g., communication among a network of trusted people
  - Not viruses spread from one PC to another by

Scenario Illustrating Interdependent Security
- Be Careful (BC) computer system considers installing additional computer security measures for added protection
- Needs to balance the cost of this system with reduction in risk of damage:
  - Not only by attacks against BC directly
  - But also from other computers connected to BC

What Is Interdependent Security?
- An agent can protect itself against a risk by incurring an upfront investment cost:
  - BC computer system can invest in protection against hackers
- An agent can be contaminated by others even if it is protected:
  - BC computer system can be attacked by “trusted” computer systems that did not invest in protection

Interdependent Security Model: Assumptions and Notation
- Consider two computer systems: A_1 and A_2
- Y = cost of each computer system before consideration of security
- Probability of direct attack on A_i: p = 0.1
- Probability of attack on A_i damaging the other system: q = 0.2
- Probability non-secure computer system damaged: p + (1 - p) p q
- Loss if a computer system is damaged: L = 1000
- Investment cost of security system: c = 95

Interdependent Security Model: Expected Costs and Decisions

Expected Costs Associated with Investing (S) and Not Investing (N) in Security System
(each cell lists System 1's outcome, then System 2's)

                 SYSTEM 2: S                    SYSTEM 2: N
SYSTEM 1: S      Y - c, Y - c                   Y - c - p q L, Y - p L
                 = Y - 95, Y - 95               = Y - 295, Y - 100
SYSTEM 1: N      Y - p L, Y - c - p q L         Y - p L - (1 - p) p q L (both systems)
                 = Y - 100, Y - 295             = Y - 280, Y - 280

Decisions
- If A_2 has a security system (S), then it is worth A_1 investing in one:
  - Expected losses reduced by p L = -100
  - Cost of security system = 95
- If A_2 does not invest in security (N), then A_1 will not want to invest in one:
  - Expected losses reduced by p (1 - q) L - ( ) = -80
  - Cost of security system = 95

Types of Nash Equilibriums
- For c < p L (1 - p q): (S, S) is the dominant strategy
- For p L (1 - p q) ≤ c < p L: (S, S) and (N, N) are Nash equilibriums
- For c ≥ p L: (N, N) is the dominant strategy
- If the agents have different costs of investing in security measures, then we may find an equilibrium at which only one invests:
  - (N, S) will be a Nash equilibrium if c_1 > p L and c_2 < p L (1 - p q)

Impact of Contamination if There Are n Agents
- When is investment in security a dominant strategy with many agents, if the others have not protected themselves?
- Computers: No cost incentive for a computer to protect itself against hackers if the number of agents is large enough!
- When the number of agents is large and none invests in security, then each agent faces a certain loss of L
- When the number of agents is large, investing in security can never be a dominant strategy for any agent

Impact of Contamination if There Are n Agents
- Payoff to firm 1 from not investing in security when the other n - 1 are also not investing:
- Payoff from investing:
- For investment in security to be dominant, you need:
- In the limit as n → ∞, this becomes c < 0!

Types of Nash Equilibriums
- For :
  - An agent will want to invest even if all other n - 1 agents are unprotected
  - (S, S, …, S) is the dominant strategy
- For :
  - There are two Nash equilibriums, (S, S, …, S) and (N, N, …, N)
  - Some coordinating mechanism is necessary to ensure investment
- For c ≥ p L: (N, N, …, N) is the dominant strategy
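
The two-system payoff table and the n-agent equilibrium regimes can be checked numerically; the Python below is an added example, not part of the original presentation, and its function names are its own. It assumes q is the probability that one unprotected peer damages this system and that k unprotected peers act independently (contamination probability 1 - (1 - q)^k), the reading that reproduces the slides' numeric entries Y - 295 and Y - 280.

```python
from fractions import Fraction as F
from itertools import product

# Slide parameters; exact fractions keep the comparisons free of float noise.
P, Q, L, C = F(1, 10), F(1, 5), 1000, 95

def contamination(k, q=Q):
    """Chance of damage from at least one of k unprotected peers
    (assumption of this example: peers act independently)."""
    return 1 - (1 - q) ** k

def expected_cost(invest, k, p=P, q=Q, loss=L, c=C):
    """Expected cost to one agent when k of the other agents are unprotected."""
    x = contamination(k, q)
    if invest:
        return c + x * loss               # protected: only contamination can hurt
    return p * loss + (1 - p) * x * loss  # "only die once": loss is not additive

def pure_nash(n, **kw):
    """Pure-strategy Nash equilibria of the n-agent game, as strings of S/N."""
    found = []
    for profile in product("SN", repeat=n):
        stable = True
        for i, act in enumerate(profile):
            k = sum(a == "N" for j, a in enumerate(profile) if j != i)
            stay = expected_cost(act == "S", k, **kw)
            switch = expected_cost(act != "S", k, **kw)
            if switch < stay:             # strictly profitable deviation
                stable = False
                break
        if stable:
            found.append("".join(profile))
    return found

def dominance_threshold(n, p=P, q=Q, loss=L):
    """Investing is dominant only if c is below this value
    (worst case: none of the other n - 1 agents invests)."""
    return p * loss * (1 - q) ** (n - 1)

if __name__ == "__main__":
    print("2 agents, c = 95:", pure_nash(2))
    for n in (2, 5, 10, 50):
        print(n, "agents: invest is dominant only if c <", float(dominance_threshold(n)))
```

With the slide parameters, pure_nash(2) returns ['SS', 'NN'], and dominance_threshold(n) falls toward 0 as n grows, in line with the c < 0 limit stated above.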

Tipping Behavior When There Is Contamination
- Suppose the n systems differ in the costs and/or risks they face
- Define E_j(n, 0) as the negative externalities imposed by system j on all other systems when no other systems invest, and system j changes from investing to not investing in security
- Two Results:
  - If by switching from N to S a single system j can cause all others to switch from N to S, it will be the one that has the highest E_j(n, 0)
  - If by switching from N to S a group of K systems can cause all others to follow, they will be the ones with the K highest E_j(n, 0)

Types of Interventions (Internalizing Negative Externalities)
- Insurance:
  - Not feasible under current system, because insurer of agent i does not pay for damage to agent j (j ≠ i)
  - Monopolistic insurer provides premium reduction to agent i for reduction in contamination to all other agents
- Liability:
  - This policy tool works only if contaminating agent is held liable for damage to others if it did not invest in protection
- Regulations:
  - Well-enforced codes and standards to ensure that cost-effective security measures are adopted

Types of Interventions (Internalizing Externalities)
- Taxation:
  - Can levy a tax of t dollars on any agent that did not invest in protection to encourage them to adopt security measures
- Coordinating mechanisms:
  - International Air Transport Association (IATA): requires baggage security on all bags to be transferred to other airlines
  - Co-ops in New York: require that all buyers of apartments invest in sprinkler system as a condition for purchase
  - Social norms: role of friends and neighbors

Future Research Directions
- Differential Costs and Risks:
  - Nash equilibrium would be mixture of (S, S, …, N, N)
  - Do you tax some agents more because they have a greater chance of contaminating others?
  - Role of regulations
- Multi-Period and Dynamic Models:
  - Importance of time horizon and discount rate
  - How do you get process of investing started?
  - Importance of developing sequential models of choice

Future Research Directions (cont.)
- Behavioral Considerations:
  - Misperceptions of risk
  - Myopia (i.e., short time horizons)
  - Importance of affect (e.g., worry, dread, anxiety)
  - Budget constraints