A DYNAMIC THEORY OF SECURITY FREE-RIDING BY FIRMS IN THE WFH AGE

The COVID-19 pandemic has radically transformed the work-from-home (WFH) paradigm and expanded an organization's cyber-vulnerability space. We propose a novel strategic method to quantify the degree of sub-optimal cybersecurity in an organization of employees, all of whom work in heterogeneous WFH "siloes". Specifically, we model the per-unit cost for asymmetric WFH employees to invest in security-improving effort units as time-discounted exponential martingales, and derive, as a benchmark, the centrally planned, socially optimal aggregate employee effort at any given time instant. We then derive the time-varying strategic Nash equilibrium amount of aggregate employee effort in cybersecurity in a distributed setting. The time-varying ratio of these centralized and distributed estimates quantifies the free-riding dynamics, i.e., security sub-optimality, within an organization. Rigorous estimates of the degree of sub-optimal cybersecurity will drive organizational policy makers to design appropriate (customized) solutions that voluntarily incentivize WFH employees to invest in required cybersecurity best practices.
