کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
5075669 1477173 2016 10 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
Attack-prevention and damage-control investments in cybersecurity
ترجمه فارسی عنوان
سرمایه گذاری در مقابل حمله و کنترل آسیب در امنیت سایبری
موضوعات مرتبط
علوم انسانی و اجتماعی مدیریت، کسب و کار و حسابداری مدیریت فناوری و نوآوری
چکیده انگلیسی


- This paper studies investments in cybersecurity, where both the software provider and the software users can invest in security.
- Since software products are never free of bugs, I consider a provider that can undertake attack-prevention and damage-control investments.
- I show that when the provider is fully liable for all damages, it underinvests in attack prevention and overinvests in damage control.
- This is akin to a software provider releasing vulnerable alpha versions of their products before the more secure beta versions.
- The joint use of an optimal standard and partial liability can restore investment efficiency.

This paper examines investments in cybersecurity made by users and software providers with a focus on the latter's concerning attack prevention and damage control. I show that full liability, whereby the provider is liable for all damage, is inefficient, owing namely to underinvestment in attack prevention and overinvestment in damage control. On the other hand, the joint use of an optimal standard, which establishes a minimum compliance framework, and partial liability can restore efficiency. Implications for cybersecurity regulation and software versioning are discussed.

ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Information Economics and Policy - Volume 37, December 2016, Pages 42-51
نویسندگان
,