Attack-Deterring and Damage-Control Investments in Cybersecurity
作者: Wing Man Wynne Lam
DOI:
关键词:
摘要: This paper studies investment in cybersecurity, where both the software vendor and consumers can invest security. In addition, undertake attack-deterring damage-control investments. I show that full liability, under which is liable for all damages, does not achieve efficiency and, particular, underinvests attack deterrence overinvests damage control. Instead, joint use of an optimal standard, establishes a minimum compliance framework, partial liability restore efficiency. suggests policies encourage only firms, but also to security might be desirable.
econinfosec.org 参考文章(25)
Hal Varian, System Reliability and Free Riding Economics of Information Security. pp. 1- 15 ,(2004) , 10.1007/1-4020-8090-5_1
Charles D. Kolstad, Thomas S. Ulen, Gary V. Johnson, Ex Post Liability for Harm vs. Ex Ante Safety Regulation: Substitutes or Complements? The American Economic Review. ,vol. 80, pp. 331- 344 ,(2018) , 10.4324/9781315197296-16
JAY PIL CHOI, CHAIM FERSHTMAN, NEIL GANDAL, Network security: Vulnerabilities and disclosure policy Journal of Industrial Economics. ,vol. 58, pp. 868- 894 ,(2010) , 10.1111/J.1467-6451.2010.00435.X
John Prather Brown, Toward an Economic Theory of Liability The Journal of Legal Studies. ,vol. 2, pp. 4- ,(1973) , 10.1086/467501
Russell Cooper, Thomas W Ross, None, Product Warranties and Double Moral Hazard The RAND Journal of Economics. ,vol. 16, pp. 103- 113 ,(1985) , 10.2307/2555592
Sanjeev Goyal, Hoda Heidari, Michael Kearns, Competitive contagion in networks Games and Economic Behavior. ,vol. 113, pp. 58- 79 ,(2014) , 10.1016/J.GEB.2014.09.002
Steven Shavell, A MODEL OF THE OPTIMAL USE OF LIABILITY AND SAFETY REGULATION The RAND Journal of Economics. ,vol. 15, pp. 271- 280 ,(1984) , 10.2307/2555680
Lawrence A. Gordon, Martin P. Loeb, The economics of information security investment ACM Transactions on Information and System Security. ,vol. 5, pp. 438- 457 ,(2002) , 10.1145/581271.581274
William M. Landes, Richard A. Posner, A Positive Economic Analysis of Products Liability The Journal of Legal Studies. ,vol. 14, pp. 535- 567 ,(1985) , 10.1086/467785
Terrence August, Tunay I. Tunca, Who Should Be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments Management Science. ,vol. 57, pp. 934- 959 ,(2011) , 10.1287/MNSC.1100.1304