讲座题目 | Fixed, Proportional, or Hybrid? A Study of Managed Security Service Provider Contracts | ||
主讲人 (单位) | 吴勇(东华大学) | 主持人 (单位) | 高星(东南大学) |
讲座时间 | 2025年12月19日 下午15:30 | 讲座地点 | 东南大学榴园宾馆 三江阁会议室 |
主讲人简介 |
吴勇,副教授,东华大学管理学院管科系副主任,工程管理学术主任,担任中国信息学会理事和上海市运筹学会理事。在JAIS,JORS,EJOR,系统工程理论与实践等国内外权威期刊上发表30余篇论文,主持国家自然科学基金和省部级项目4项,获得省部级教学成果奖4次,编著教材2本,指导学生获得国家级比赛奖励30余项。 | ||
讲座内容摘要 | Designing effective security service contracts presents a critical challenge for both Managed Security Service Providers (MSSPs) and their client firms, primarily due to client heterogeneity risks and the presence of negative externalities. Employing a game-theoretic framework, this research investigates how an MSSP selects its optimal contractual strategy from three alternatives: fixed compensation contract (FC), proportional compensation contract (RC), and hybrid contracts (HC) that incorporate elements of both FC and RC. The key distinction between FC and RC lies in their compensation structure—FC offers a predetermined compensation in case of breaches, whereas RC reimburses clients based on a proportion of their actual losses. Our analysis yields several key insights into the hybrid contract regime. As security risks intensify, the MSSP can strategically discourage middle- and low-valuation clients from selecting FC through service fee adjustments, while allowing high-valuation clients to retain self-selection flexibility. Counterintuitively, such client resegmentation can simultaneously increase both the MSSP’s profit and overall client base even under elevated security risks. Furthermore, our results show that all three contract types can be optimal depending on several internal tradeoffs, which explains their existence in practice. Based on comparative analysis of FC and RC, we also identify four key distinctions that demonstrate how compensation structures and client negligence differentially affect MSSP’s demand and profitability. These insights help clarify the rationale behind hybrid contracts and offer important managerial implications: a hybrid contract enables MSSPs to expand both their protected client base and overall profitability. From a policy perspective, there is no compelling reason for government intervention to promote hybrid contracts in the absence of negative externalities or client negligence. However, when both factors are present, promoting the adoption of hybrid contract is advisable, given their potential to enhance market-wide security outcomes. | ||
