Cerdeiro, D., Dziubinski, M. and Goyal, S.
Contagion Risk and Network Design
WP Number: 1504
Abstract: Individuals derive benefits from their connections, but these may, at the same
time, transmit external threats. Individuals therefore invest in security to protect
themselves. However, the incentives to invest in security depend on their network
exposures. We study the problem of designing a network that provides the right
individual incentives.
Motivated by cybersecurity, we �rst study the situation where the threat to
the network comes from an intelligent adversary. We show that, by choosing the
right topology, the designer can bound the welfare costs of decentralized protection.
Both over-investment as well as under-investment can occur depending on the costs
of security. At low costs, over-protection is important: this is addressed by discon-
necting the network into two unequal components and sacri�cing some nodes. At
high costs, under-protection becomes salient: it is addressed by disconnecting the
network into equal components.
Motivated by epidemiology, we then turn to the study of random attacks. The
over-protection problem is no longer present, whereas under-protection problems
is mitigated in a diametrically opposite way: namely, by creating dense networks
that expose the individuals to the risk of contagion.
Keywords: cybersecurity, epidemics, security choice, externalities
Author links: Sanjeev Goyal
PDF: wp1504.pdf 
Open Access Link: 10.17863/CAM.5775
