CAJ | 학술논문

网络互联环境下企业被黑客入侵的概率受其自身信息系统安全水平和整个网络安全水平的共同影响.通过研究企业非合作博弈下的个体最优选择的均衡结果和合作下的社会最优投资选择,发现非合作企业在信息系统安全投资时会忽略其他企业的边际外部成本或收益,这种负外部性特征会导致企业自我防御投资额低于社会最优投资水平,从而影响社会福利最大化的实现.为解决这种非合作下的安全投资不足问题,根据网络安全保险设计了一种信息系统安全投资激励机制.结果表明,适当的保险免赔额可以在一定程度上将这种负外部性内部化,进而改善了企业安全水平,并有效提高了社会福利.
망락호련배경하기업피흑객입침적개솔수기자신신식계통안전수평화정개망락안전수평적공동영향.통과연구기업비합작박혁하적개체최우선택적균형결과화합작하적사회최우투자선택,발현비합작기업재신식계통안전투자시회홀략기타기업적변제외부성본혹수익,저충부외부성특정회도치기업자아방어투자액저우사회최우투자수평,종이영향사회복리최대화적실현.위해결저충비합작하적안전투자불족문제,근거망락안전보험설계료일충신식계통안전투자격려궤제.결과표명,괄당적보험면배액가이재일정정도상장저충부외부성내부화,진이개선료기업안전수평,병유효제고료사회복리.
A firm＇s probability to incur loss （from being attacked） depends on both his security level and the network security level. We fully characterize equilibria of the noncooperative game, which give us the individually optimal security choices. And we also get the socially choices. After comparing these two equilibrium results, it is found that the nature of interdependent causes a negative externality that results in under-investment in self-defense relative to the socially efficient level by ignoring marginal external costs or benefits conferred on others. To solve the above mentioned problem, we design cyber insurance as an incentive for information system security investment. The key result is that limiting insurance coverage through deductibles can partially internalize this externality and thereby improve individual and social welfare.