Professor Wang will present economic models of cybersecurity investments by a firm, first considering the cost-benefit to the firm itself, and then to the ecosystem of a supply chain.
He introduces a concept of a firm’s security knowledge set of its attack surface, relative to the universe of threats.
He then proposes three classes of security production functions as the frontier curve of a firm’s knowledge set. Professor Wang distinguishes two types of security investment, acquiring data, information and expertise versus deploying defense measures and detection tools, and derives formulas for optimal allocations.
He also analyzes cyber breach propagation between firms in a supply chain, and demonstrates that large firms requiring contractors to show security ratings by third parties can be an effective way of reducing the information gap in a supply chain.
Finally, he presents a model for the reliability (sharpness) of cybersecurity ratings for firms, and shows how the perceived reliability of a cybersecurity rating affects the incentives for firms to increase their security investments.
News Summary on the FC Leblanc event is at: