IDEAS home Printed from https://ideas.repec.org/a/wsi/igtrxx/v20y2018i01ns021919891750027x.html
   My bibliography  Save this article

Proactivity and Retroactivity of Firms and Information Sharing of Hackers

Author

Listed:
  • Kjell Hausken

    (Faculty of Sciences, University of Stavanger, 4036 Stavanger, Norway)

Abstract

One firm defends proactively or retroactively against a first hacker, and thereafter against a second hacker, in four four-period games. The hackers share information for financial gain, mutual advantage, and reputation. The first hacker’s attack and information sharing are strategic substitutes. When the firm is proactive in period 1, the first hacker’s information sharing decreases as the second hacker’s attack cost increases. The deterring effort in eight corner solutions is proportional to the deterred player’s valuation and inverse proportional to the deterred player’s unit effort cost. When the first hacker exerts higher effort and shares more information, lower defense by the firm is sufficient to deter the second hacker. When the firm is deterred by the first hacker, the first hacker attacks less and shares more information than in the interior solution. For the first hacker and the firm, both players commonly prefer the disadvantaged player to move first. The exception is that the firm prefers to deter the first disadvantaged hacker when the two hackers benefit substantially from information sharing, reputation gain, or the second player is advantaged. The results contrast with the literature where the advantaged player commonly prefers to move first, with conflicting sequence preferences.

Suggested Citation

  • Kjell Hausken, 2018. "Proactivity and Retroactivity of Firms and Information Sharing of Hackers," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 20(01), pages 1-30, March.
    • Handle: RePEc:wsi:igtrxx:v:20:y:2018:i:01:n:s021919891750027x
    DOI: 10.1142/S021919891750027X
    as

    Download full text from publisher

    File URL: http://www.worldscientific.com/doi/abs/10.1142/S021919891750027X
    Download Restriction: Access to full text is restricted to subscribers
    File URL: https://libkey.io/10.1142/S021919891750027X?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Huseyin Cavusoglu & Birendra Mishra & Srinivasan Raghunathan, 2005. "The Value of Intrusion Detection Systems in Information Technology Security Architecture," Information Systems Research, INFORMS, vol. 16(1), pages 28-46, March.
    2. Nizovtsev, Dmitri & Thursby, Marie, 2007. "To disclose or not? An analysis of software user behavior," Information Economics and Policy, Elsevier, vol. 19(1), pages 43-64, March.
    3. Kjell Hausken, 2011. "Strategic defense and attack of series systems when agents move sequentially," IISE Transactions, Taylor & Francis Journals, vol. 43(7), pages 483-504.
    4. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2013. "Contracting Information Security in the Presence of Double Moral Hazard," Information Systems Research, INFORMS, vol. 24(2), pages 295-311, June.
    5. Jay Pil Choi & Chaim Fershtman & Neil Gandal, 2010. "Network Security: Vulnerabilities And Disclosure Policy," Journal of Industrial Economics, Wiley Blackwell, vol. 58(4), pages 868-894, December.
    6. Ashish Arora & Ramayya Krishnan & Rahul Telang & Yubao Yang, 2010. "An Empirical Analysis of Software Vendors' Patch Release Behavior: Impact of Vulnerability Disclosure," Information Systems Research, INFORMS, vol. 21(1), pages 115-132, March.
    7. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    8. Hausken, Kjell, 2006. "Income, interdependence, and substitution effects affecting incentives for security investment," Journal of Accounting and Public Policy, Elsevier, vol. 25(6), pages 629-665.
    9. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
    10. Terrence August & Marius Florin Niculescu & Hyoduk Shin, 2014. "Cloud Implications on Software Network Structure and Security Risks," Information Systems Research, INFORMS, vol. 25(3), pages 489-510, September.
    11. Tyler Moore & Richard Clayton & Ross Anderson, 2009. "The Economics of Online Crime," Journal of Economic Perspectives, American Economic Association, vol. 23(3), pages 3-20, Summer.
    12. Sam Ransbotham & Sabyasachi Mitra, 2009. "Choice and Chance: A Conceptual Model of Paths to Information Security Compromise," Information Systems Research, INFORMS, vol. 20(1), pages 121-139, March.
    13. Hausken, Kjell, 2007. "Information sharing among firms and cyber attacks," Journal of Accounting and Public Policy, Elsevier, vol. 26(6), pages 639-688.
    14. Kjell Hausken & Vicki M. Bier & Jun Zhuang, 2009. "Defending Against Terrorism, Natural Disaster, and All Hazards," International Series in Operations Research & Management Science, in: Vicki M. M. Bier & M. Naceur Azaiez (ed.), Game Theoretic Risk Analysis of Security Threats, chapter 4, pages 65-97, Springer.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    2. Bandyopadhyay, Subhayu & Sandler, Todd, 2023. "Politically influenced counterterrorism policy and welfare efficiency," European Journal of Political Economy, Elsevier, vol. 76(C).
    3. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    4. Ali Pala & Jun Zhuang, 2019. "Information Sharing in Cybersecurity: A Review," Decision Analysis, INFORMS, vol. 16(3), pages 172-196, September.
    5. William N. Caballero & Ethan Gharst & David Banks & Jeffery D. Weir, 2023. "Multipolar Security Cooperation Planning: A Multiobjective, Adversarial-Risk-Analysis Approach," Decision Analysis, INFORMS, vol. 20(1), pages 16-39, March.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    2. Kjell Hausken, 2017. "Information Sharing Among Cyber Hackers in Successive Attacks," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 19(02), pages 1-33, June.
    3. Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
    4. Xing Gao & Weijun Zhong & Shue Mei, 2013. "Information Security Investment When Hackers Disseminate Knowledge," Decision Analysis, INFORMS, vol. 10(4), pages 352-368, December.
    5. Xing Gao & Weijun Zhong & Shue Mei, 2014. "A game-theoretic analysis of information sharing and security investment for complementary firms," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 65(11), pages 1682-1691, November.
    6. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    7. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    8. Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
    9. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    10. Meilin He & Laura Devine & Jun Zhuang, 2018. "Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision‐Theoretic Approach," Risk Analysis, John Wiley & Sons, vol. 38(2), pages 215-225, February.
    11. Xing Gao & Weijun Zhong, 2015. "Information security investment for competitive firms with hacker behavior and security requirements," Annals of Operations Research, Springer, vol. 235(1), pages 277-300, December.
    12. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
    13. Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.
    14. Kai-Lung Hui & Ping Fan Ke & Yuxi Yao & Wei T. Yue, 2019. "Bilateral Liability-Based Contracts in Information Security Outsourcing," Information Systems Research, INFORMS, vol. 30(2), pages 411-429, June.
    15. Daniel Schatz & Rabih Bashroush, 0. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    16. Huseyin Cavusoglu & Srinivasan Raghunathan & Hasan Cavusoglu, 2009. "Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems," Information Systems Research, INFORMS, vol. 20(2), pages 198-217, June.
    17. Rui Peng & Di Wu & Mengyao Sun & Shaomin Wu, 2021. "An attack-defense game on interdependent networks," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 72(10), pages 2331-2341, October.
    18. Xiaotong Li, 2022. "An evolutionary game‐theoretic analysis of enterprise information security investment based on information sharing platform," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(3), pages 595-606, April.
    19. Yonghua Ji & Subodha Kumar & Vijay Mookerjee, 2016. "When Being Hot Is Not Cool: Monitoring Hot Lists for Information Security," Information Systems Research, INFORMS, vol. 27(4), pages 897-918, December.
    20. Qingqing Zhai & Rui Peng & Jun Zhuang, 2020. "Defender–Attacker Games with Asymmetric Player Utilities," Risk Analysis, John Wiley & Sons, vol. 40(2), pages 408-420, February.

    More about this item

    Keywords

    Information sharing; cyber security; game theory; asset allocation; contest success function; security investment;
    All these keywords.

    JEL classification:

    • C72 - Mathematical and Quantitative Methods - - Game Theory and Bargaining Theory - - - Noncooperative Games
    • D72 - Microeconomics - - Analysis of Collective Decision-Making - - - Political Processes: Rent-seeking, Lobbying, Elections, Legislatures, and Voting Behavior
    • D74 - Microeconomics - - Analysis of Collective Decision-Making - - - Conflict; Conflict Resolution; Alliances; Revolutions
    • D80 - Microeconomics - - Information, Knowledge, and Uncertainty - - - General
    • F50 - International Economics - - International Relations, National Security, and International Political Economy - - - General
    • H56 - Public Economics - - National Government Expenditures and Related Policies - - - National Security and War
    • L86 - Industrial Organization - - Industry Studies: Services - - - Information and Internet Services; Computer Software

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wsi:igtrxx:v:20:y:2018:i:01:n:s021919891750027x. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Tai Tone Lim (email available below). General contact details of provider: http://www.worldscinet.com/igtr/igtr.shtml .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.