Research on the Game Theory of Enterprise Information Security Investment Considering Information Complementarity

IF 2.3 4区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Expert Systems Pub Date : 2026-03-31 DOI:10.1111/exsy.70253

Cuiyou Yao, Lin Yu, Dongpu Fu, Yanhong Yang, Haiqing Cao, Fulei Shi

{"title":"Research on the Game Theory of Enterprise Information Security Investment Considering Information Complementarity","authors":"Cuiyou Yao, Lin Yu, Dongpu Fu, Yanhong Yang, Haiqing Cao, Fulei Shi","doi":"10.1111/exsy.70253","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>The vigorous development of Internet information technology has brought a lot of convenience and fun to people's lives. However, in the modern information world, the problem of information security has always existed. Given the prevalence of information security problems and their consequences, enterprises often invest in information security technologies to strengthen their information systems. However, the security vulnerabilities of information systems cannot be eliminated, so the choice of investment strategies by enterprises is of great significance. Based on the evolutionary game method, this study analyses, from a microscopic perspective, the investment strategy selection process of enterprises when there are security vulnerabilities in information system in the context of the complementarity of information assets between enterprises, and simulates the impact of enterprises' initial investment intention and potential losses as well as breach probabilities and cost differentials on the evolutionary outcomes. The research shows that an enterprise is more willing to choose an investment strategy that minimises the sum of investment costs and expected losses. The higher the enterprise's initial high investment intention or potential losses, the more likely it is to choose a high investment strategy, whilst its partner enterprise is less likely to choose a high investment strategy. In addition, when security investments effectively reduce breach probabilities, enterprises are more inclined to adopt high-investment strategies, whilst higher hacker operational costs can help alleviate enterprises' security investment pressure.</p>\n </div>","PeriodicalId":51053,"journal":{"name":"Expert Systems","volume":"43 5","pages":""},"PeriodicalIF":2.3000,"publicationDate":"2026-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Expert Systems","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1111/exsy.70253","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

The vigorous development of Internet information technology has brought a lot of convenience and fun to people's lives. However, in the modern information world, the problem of information security has always existed. Given the prevalence of information security problems and their consequences, enterprises often invest in information security technologies to strengthen their information systems. However, the security vulnerabilities of information systems cannot be eliminated, so the choice of investment strategies by enterprises is of great significance. Based on the evolutionary game method, this study analyses, from a microscopic perspective, the investment strategy selection process of enterprises when there are security vulnerabilities in information system in the context of the complementarity of information assets between enterprises, and simulates the impact of enterprises' initial investment intention and potential losses as well as breach probabilities and cost differentials on the evolutionary outcomes. The research shows that an enterprise is more willing to choose an investment strategy that minimises the sum of investment costs and expected losses. The higher the enterprise's initial high investment intention or potential losses, the more likely it is to choose a high investment strategy, whilst its partner enterprise is less likely to choose a high investment strategy. In addition, when security investments effectively reduce breach probabilities, enterprises are more inclined to adopt high-investment strategies, whilst higher hacker operational costs can help alleviate enterprises' security investment pressure.

查看原文本刊更多论文

考虑信息互补性的企业信息安全投资博弈研究

互联网信息技术的蓬勃发展给人们的生活带来了许多便利和乐趣。然而，在现代信息世界中，信息安全问题一直存在。鉴于信息安全问题的普遍存在及其后果，企业经常投资于信息安全技术来加强其信息系统。然而，信息系统的安全漏洞是无法消除的，因此企业投资策略的选择具有重要意义。本文基于演化博弈方法，从微观角度分析了企业间信息资产互补性背景下存在信息系统安全漏洞时企业的投资策略选择过程，模拟了企业初始投资意愿、潜在损失、违约概率和成本差异对演化结果的影响。研究表明，企业更愿意选择投资成本与预期损失之和最小的投资策略。企业初始高投资意愿或潜在亏损越高，越有可能选择高投资策略，而其合作企业选择高投资策略的可能性越小。此外，当安全投资有效地降低违规概率时，企业更倾向于采取高投资策略，而较高的黑客运营成本有助于缓解企业的安全投资压力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Expert Systems 工程技术-计算机：理论方法

CiteScore

7.40

自引率

6.10%

发文量

266

审稿时长

24 months

期刊介绍： Expert Systems: The Journal of Knowledge Engineering publishes papers dealing with all aspects of knowledge engineering, including individual methods and techniques in knowledge acquisition and representation, and their application in the construction of systems – including expert systems – based thereon. Detailed scientific evaluation is an essential part of any paper. As well as traditional application areas, such as Software and Requirements Engineering, Human-Computer Interaction, and Artificial Intelligence, we are aiming at the new and growing markets for these technologies, such as Business, Economy, Market Research, and Medical and Health Care. The shift towards this new focus will be marked by a series of special issues covering hot and emergent topics.