Understanding user investments & response to security threats

Researcher(s): Nicolas Christin

Research Area: Available and Secure Computing Systems

Abstract

Security interactions in networked systems, and the user choices associated with them, are complex enough to be notoriously difficult to predict and sometimes even harder to rationalize. We argue that users often underestimate the strong mutual dependence between their security strategies and the economic environment (e.g., threat model) in which these choices are made and evaluated. This misunderstanding weakens the effectiveness of users' security investments. We study how economic agents invest in security in different economic environments, which are characteristic of different threat models. In particular, we explore Nash equilibrium predictions for the environments considered, contrast them with social optima, and map out an experimental research agenda for further investigation of user behavior.