Attack-Deterring and Damage-Control Investments in Cybersecurity

Author

  • Wing Man Wynne Lam
Abstract

This paper studies investment in cybersecurity, where both the software vendor and the consumers can invest in security. In addition, the vendor can undertake attack-deterring and damage-control investments. I show that full liability, under which the vendor is liable for all damages, does not achieve efficiency and, in particular, the vendor underinvests in attack deterrence and overinvests in damage control. Instead, the joint use of an optimal standard, which establishes a minimum compliance framework, and partial liability can restore efficiency. This suggests that policies that encourage not only firms, but also consumers to invest in security might be desirable.


Similar resources

Attack-prevention and damage-control investments in cybersecurity

This paper examines investments in cybersecurity made by users and software providers with a focus on the latter’s concerning attack prevention and damage control. I show that full liability, whereby the provider is liable for all damage, is inefficient, owing namely to underinvestment in attack prevention and overinvestment in damage control. On the other hand, the joint use of an optimal stan...


Empirical Evidence on the Determinants of Cybersecurity Investments in Private Sector Firms

Investments in cybersecurity are critical to the national and economic security of a nation. There is, however, a strong tendency for firms in the private sector to underinvest in cybersecurity activities. This paper reports the results of a survey designed to empirically assess whether treating cybersecurity as an important component of a firm’s internal control system for financial reporting ...


Cybersecurity Games and Investments: A Decision Support Approach

In this paper we investigate how to optimally invest in cybersecurity controls. We are particularly interested in examining cases where the organization suffers from an underinvestment problem or inefficient spending on cybersecurity. To this end, we first model the cybersecurity environment of an organization. We then model non-cooperative cybersecurity control-games between the defender which...


The challenges and recommended steps to improve cyber security within industrial control systems

“Security Protection against attack, Safety Freedom from risk and harm” End users or operators of industrial control systems (ICS) are responsible for the security of the systems. Many end users, however, find a challenge in addressing simple issues, typically: What requires protection from cyberattacks and how much protection is required? Will a critical system disruption or cyber theft cause ...


Increasing cybersecurity investments in private sector firms

The primary objective of this article is to develop an economics-based analytical framework for assessing the impact of government incentives/regulations designed to offset the tendency to underinvest in cybersecurity related activities by private sector firms. The analysis provided in the article shows that the potential for government incentives/regulations to increase cybersecurity investmen...



Publication date: 2015