You Can Only Die Once Interdependent Security in an Uncertain World

advertisement
You Can Only Die Once
Interdependent Security in an Uncertain World
Geoffrey Heal
Graduate School of Business
Columbia University
gmh1@columbia.edu
Howard Kunreuther (kunreuther@wharton.upenn.edu)
Center for Risk Management and Decision Processes
The Wharton School
University of Pennsylvania
and
Visiting Senior Research Scientist
Columbia University
Characteristics of the Problem

Non Additive Damages
(You can only die once)

Risk Faced by One Person Depends
on Actions Taken by Others
(Negative stochastic externalities)
Types of Problems
Investing in airline security
Making computer systems more secure against terrorist attacks.
Protecting against chemical & nuclear accidents
Making buildings more secure against attacks
Investing in sprinklers to reduce the chances of apartment fires
Avoiding divisional gambles that could bring entire firm into
bankruptcy .


Nick Leeson, Singapore futures market & collapse of Baring’s
Arthur Andersen brought into bankruptcy by Houston branch.
Scenario Illustrating Interdependent Security
Be Careful (BC) Airlines considers installing
baggage checking system for added protection.
Needs to balance the cost of this system with
reduction in risk of explosion of luggage not
only checked in with BC but also from bags of
passengers checked in on other airlines &
transferred to BC.
What is Interdependent Security?
An agent can protect itself against a risk by incurring an
upfront investment cost
BC Airlines can invest in baggage security system to reduce
chance of bomb explosions
Investment in computer protection against viruses and hackers
An agent can be contaminated by others even if it is protected
BC Airlines can be contaminated by bags transferred from
other airlines that were not inspected
Computer can be attacked by viruses from other computers
Interdependent Security Model
Assumptions and Notation
Consider Two Airlines A1 and A2.
Y = income of each airline before any expenditure on security
Probability contaminated bag is accepted and explodes in A i : p (p=.1)
Probability that contaminated bag gets accepted by A i and is
transferred to another airline where it explodes : q (q=.2 )
Probability non-screened airline loads a checked bag with bomb: p + q
Loss if a bag explodes : L. (L=1000)
Investment Cost of Baggage Security System c (c=95)
Interdependent Security Model
Expected Costs and Decisions
Expected Costs Associated with Investing (S) and
Not Investing (N) in Baggage Security System
AIRLINE 2
S
S
Y -95, Y -95
N
Y -100, Y -295
N
Y-295, Y -100
AIRLINE 1
Y -280, Y -280
Decisions
If A2 has a security system (S) then it is worth A1 investing in one,
Expected losses reduced by pL= - 100
Cost of baggage security system. = 95
If A2 does not invest in security (N) then A1 will not want to invest in one
Expected losses reduced by p (1-q)L - (280-200) = -80
Cost of baggage security system. = 95
Impact of Contamination if there are n Agents
Define X(n,0) to be the negative externalities to airline i if it invests in security
and no other airline does
For investment in security to be dominant strategy you need
c < p [L- X(n,0)]
When is investment in security a dominant strategy with many agents and all the
others have not protected themselves?
Airlines: c < p [e-q L] for any airline to invest in baggage security
Computers: no cost incentive (i.e. c <0 ) for a computer to protect itself
against viruses or hackers
Tipping Behavior when there is contamination
Suppose the n airlines differ in the costs and/or risks they face.
Define Ej (n,0) as the negative externalities imposed by airline j on all
other airlines when no other airlines invest and airline j changes
from investing to not investing in baggage security
Two Results


If by switching from N to S a single airline j can cause all others to
switch from N to S it will be the one that with highest Ej(n,0).
If by switching from N to S a group of K airlines can cause all
others to follow they will be the ones that have the K highest
Ej (n,0).
Types of Interventions
(Internalizing Negative Externalities)
Insurance


Not feasible under current system because insurer of agent i
does not pay for damage to agent j j i
Monopolistic insurer provides premium reduction to agent i for
reduction in contamination to all other agents
Liability---This policy tool only works if
contaminating agent is
held liable for damage to others if it did not invest in protection
Regulations Importance of well-enforced codes and standards
to ensure that cost-effective security measures are adopted
Types of Interventions
(Internalizing Externalities)
Taxation—Can levy a tax of t dollars on any agent that did not
invest in protection to encourage them to adopt security measures\
Coordinating mechanisms
 International Air Transport Association (IATA)---require
baggage security on all bags to be transferred to other
airlines
 Coops in NYC—Require that all buyers of apartments
invest in sprinkler system as a condition for purchase
 Social norms—role of friends and neighbors
Future Research Directions


Differential Costs and Risks
Nash equilibrium would be mixture of (S,S…N,N)
Prescriptive Questions
Do you tax some agents more because they have a
greater chance of contaminating others?
Role of regulations (e.g. building codes, required
baggage check-in)
Multi-Period and Dynamic Models
Importance of time horizon and discount rate
How do you get process of investing in security started?
Importance of developing sequential models of choice
Future Research Directions (cont.)
Behavioral Considerations
Misperceptions of risk
Myopia (i.e. short time horizons)
Importance of affect
(e.g. worry, dread, anxiety)
Budget Constraints
Download