Economics and Optimal Investment Policies of Attackers and Defenders in Cybersecurity

Austin B. Ebel and Debasis Mitra
In our time cybersecurity has grown to be a topic of massive proportion at the national and enterprise levels. Our thesis is that the economic perspective and investment decision-making are vital factors in determining the outcome of the struggle. To build our economic framework, we borrow from the pioneering work of Gordon and Loeb in which the Defender optimally trades off investments for lower likelihood of its system breach. Our two-sided model additionally has an Attacker, assumed to be…



Coordination in Network Security Games: A Monotone Comparative Statics Approach

  • M. Lelarge
  • Computer Science, Economics
    IEEE Journal on Selected Areas in Communications
  • 2012
This paper starts with an economic model for a single agent, that determines the optimal amount to invest in protection, and derives conditions to ensure that the incentives of all agents are aligned towards a better security.

The economics of information security investment

An economic model is presented that determines the optimal amount to invest to protect a given set of information and takes into account the vulnerability of the information to a security breach and the potential loss should such a breach occur.

A Game-Theoretic Framework for Network Security Vulnerability Assessment and Mitigation

In this paper we propose and discuss a game-theoretic framework for (a) evaluating security vulnerability, (b) quantifying the corresponding Pareto optimal vulnerability/cost tradeoff, and (c)

Measuring the Cost of Cybercrime

The figures suggest that the UK should spend less in anticipation of cybercrime and more in response – that is, on the prosaic business of hunting down cyber-criminals and throwing them in jail.

IT Security Investment and Gordon-Loeb's 1/e Rule

The question of investment into IT security is addressed: how much does a firm facing a risk of loss due to IT vulnerabilities have to invest in mitigating these risks?

Why information security is hard - an economic perspective

  • Ross J. Anderson
  • Computer Science
    Seventeenth Annual Computer Security Applications Conference
  • 2001
The author puts forward a contrary view: information insecurity is at least as much due to perverse incentives as it is due to technical measures.

Optimal policies for natural monopolies

Cost Tradeoffs for Information Security Assurance

This paper focuses on analyzing such tradeoffs in terms of investment costs and opportunity cost (from the perspective of defender and attacker respectively) of the CIA aspects of a computer-based information system.

Game theory for applied economists

This book introduces one of the most powerful tools of modern economics to a wide audience: those who will later construct or consume game-theoretic models. Robert Gibbons addresses scholars in