Externalities and the Magnitude of Cyber security Underinvestment by Private Sector Firms: A Modification of the Gordon-Loeb Model
نویسندگان
چکیده
Cyber security breaches inflict costs to consumers and businesses. The possibility also exists that a cyber security breach may shut down an entire critical infrastructure industry, putting a nation’s whole economy and national defense at risk. Hence, the issue of cyber security investment has risen to the top of the agenda of business and government executives. This paper examines how the existence of well-recognized externalities changes the maximum a firm should, from a social welfare perspective, invest in cyber security activities. By extending the cyber security investment model of Gordon and Loeb [1] to incorporate externalities, we show that the firm’s social optimal investment in cyber security increases by no more than 37% of the expected externality loss.
منابع مشابه
حاکمیت شبکهای در نهادهای پژوهشی امنیت سایبری
Governments change their governance style according to social, political and economic conditions. Cyber security technology is among today’s most changeable technologies, which is a critical key to the national security. Because of the weaknesses in the interaction among syber security research organizations, introducing a model for utilizing all existing capabilities can be an appro...
متن کاملEmpirical Evidence on the Determinants of Cybersecurity Investments in Private Sector Firms
Investments in cybersecurity are critical to the national and economic security of a nation. There is, however, a strong tendency for firms in the private sector to underinvest in cybersecurity activities. This paper reports the results of a survey designed to empirically assess whether treating cybersecurity as an important component of a firm’s internal control system for financial reporting ...
متن کاملIncreasing cybersecurity investments in private sector firms
The primary objective of this article is to develop an economics-based analytical framework for assessing the impact of government incentives/regulations designed to offset the tendency to underinvest in cybersecurity related activities by private sector firms. The analysis provided in the article shows that the potential for government incentives/regulations to increase cybersecurity investmen...
متن کاملAuditor Type and Earnings Quality in Tehran Stock Exchange
This study examines the association between auditor type (public versus private) and earnings quality as measured by the levels of discretionary accruals in Iran. This study hypothesize that there is no significant difference in discretionary accruals between public and private sector audit firms when there is low incentives for auditors to provide high-quality audits in Iran. Using a sample...
متن کاملEconomic Aspects of Controlling Capital Investments in Cyberspace Security for Critical Infrastructure Assets
A model is developed which demonstrates that control systems for investments in information security have a positive net economic impact on an organization. This positive effect is an increasing function of the degree of asymmetric information (related to moral hazard and adverse selection) between Chief Security Officers and Chief Financial Officers within an organization. The role of external...
متن کامل