Heterogeneous Preferences and Patterns of Contribution in Cybersecurity as a Public Good

This paper presents an agent-based model of contribution to cybersecurity as a participatory public good. Ineffective cybersecurity measures pose serious threats and risks to the development and stability of information societies in the world. Hence, different doctrines and thesis have been suggested to explore how this domain should be treated by the public and private stakeholders. Cybersecurity as a public good is one of these doctrines that accordingly, cybersecurity is non-rivalrous and non-excludable. In this paper, we present a model of social preferences reflecting the concepts of altruism, individualism, aggressiveness, and reciprocity. It describes an agent-based model simulating a repeated public goods game among a set of defenders that are in an uncertain environment with incomplete and imperfect information. In the model, defenders have a probability to choose contribution or being a free-rider, depending on their own preferences and facing with revealed preferences of other defenders. This model implements a utility maximization that applies to each individual, modeling the existence of free-riders, punishments, and interdependency of decisions on the social context. The results of this simulation show that, over time, defenders update their preferences in reaction to the behavior of other defenders and the experience of cyber-attacks. Moreover, they indicate a high level of contribution to the provision of cybersecurity as a public good and the effectiveness of punishment on increasing the contributions. This paper demonstrated how agent-based models can be used to examine this doctrine and investigate whether this doctrine complies with the unique characteristics of cybersecurity.