异质性视角下中小企业网络安全防御的最优投资策略

Optimal investment strategy for cyber security management of small and medium-sized enterprises based on the heterogeneous perspective

信息技术的飞速发展,带来了复杂多样的网络安全问题.越来越多基础安全设施相对薄弱的中小企业开始尝试“风险管理服务+网络安全保险”这一安全防御模式.但防御投资过度或不足均会导致网络安全风险管理效率损失或防御失败.据此,在异质性视角下,以中小企业为研究对象,对其网络安全投资决策模型进行了优化,并探讨了企业决策在多方博弈中的局部和全局最优解.研究表明,企业间安全防御投资行为处于非合作状态时,存在安全防御投资的最优解使风险厌恶型企业财富效用达到最大且稳定均衡;反之,若企业处于合作状态,尽管市场总效用有所提升,但由于存在“囚徒困境”,单个企业均存在打破合作的动机,因而在合作状态下,效用并不稳定;最后,讨论了考虑附加保费情形下保险免赔额、安全防御支出与非合作企业财富效用之间的关系,证明了设置一定的免赔额可对企业的财富效用起到促进作用.

The rapid development of information technology has brought complex and diverse network security problems.Now,more and more small and medium-sized enterprises,who have weak security foundation,begin to try a new security investment model combining risk management services and cyber security insurance.However,either over-investment or under-investment could result in losses of efficiency in cyber security risk management,and even unacceptable insecurity.Therefore,this paper discusses the small and medium-sized enterprises’local optimal solutions and global optimal solutions to their multi-player games from the perspective of heterogeneity,and tries to optimize their decision-making model in cyber security investment.On one hand,the result shows that there exists optimal solution for the risk-averse enterprises to achieve optimal and stable equilibrium under non-cooperation circumstance.On the other hand,under cooperation circumstance,although the overall utility of the market would increase,each single enterprise has the motivation to break the equilibrium of cooperation because of the prisoner’s dilemma.There exists no stable equilibrium.Further,this paper studies the effects of insurance deductible and cyber security expense on the wealth utilities of uncooperative enterprises when taking the additional premium into consideration.It is proved that a reasonable level of insurance deductible could increase the enterprises’wealth utilities.