In this talk, we address management of network risks and incentives for investing in network security. We will connect with relevant classical papers, such Akerlof's (1972), Rothschild and Stiglitz (1976), and introduce the problems of moral hazard and adverse selection.
We will formally derive the expression for breach probability for large-scale networks with interdependencies. Our approach allows to compute a benchmark of actuarially fair cyber-contracts for networks with both, homogeneous, and heterogeneous users. We demonstrate that the size of user deductible cannot be user choice variable. Instead, the size of deductible is determined by the basic parameters of the environment: user's risk attitudes, his wealth, his cost of security, and expected amount of loss if the breach occurs.
Back to Graduate Summer School: Games and Contracts for Cyber-Physical Security