Individuals derive benefits from their connections, but these may, at the same time, transmit external threats. Individuals therefore invest in security to protect themselves. However, the incentives to invest in security depend on their network exposures. We study the problem of designing a network that provides the right individual incentives.
Motivated by cybersecurity, we first study the situation where the threat to the network comes from an intelligent adversary. We show that, by choosing the right topology, the designer can bound the welfare costs of decentralized protection. Both over-investment as well as under- investment can occur depending on the costs of security. At low costs, over-protection is important: this is addressed by disconnecting the network into two unequal components and sacrificing some nodes. At high costs, under-protection becomes salient: it is addressed by disconnecting the network into equal components.
Motivated by epidemiology, we then turn to the study of random attacks. The over-protection problem is no longer present, whereas under-protection problems is mitigated in a diametrically opposite way: namely, by creating dense networks that expose the individuals to the risk of contagion.