Dangerous games: A literature review on cybersecurity investments
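This survey reviews the theoretical literature on firms' cybersecurity investment, treats the investment problems of isolated firms and of interdependent firms separately, and builds a unified model to analyze investment incentives under different settings of competition and network interconnection. It is a useful reference for both researchers and policymakers.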
Abstract: Cybersecurity has gained prominence in the decision‐making of firms. Due to the increasing occurrence of threats in cyberspace, investments in cybersecurity have become critical to mitigate the operational disruption of businesses. This paper surveys the theoretical literature on firms' incentives to invest in cybersecurity. A taxonomy of the existing contributions is provided to frame them in a common reference scheme, and a model is developed to encompass such contributions and discuss their main findings. Papers that investigate the investment problem of an isolated firm are distinguished from those that consider interdependent firms. In turn, interdependent cybersecurity is analyzed in three different contexts: (i) firms that operate their business via a common computer network, but are not competitors in the product market; (ii) firms that are competitors in the product market, but run their business using non‐interconnected computer systems; (iii) firms that are competitors and rely on a common computer network. Finally, promising avenues for future research and policy implications are discussed.