Cyber security breaches inflict costs to consumers and businesses. The possibility also exists that a cyber security breach may shut down an entire critical infrastructure industry, putting a nation’s whole economy and national defense at risk. Hence, the issue of cyber security investment has risen to the top of the agenda of business and government executives. This paper examines how the existence of well-recognized externalities changes the maximum a firm should, from a social welfare perspective, invest in cyber security activities. By extending the cyber security investment model of Gordon and Loeb [1] to incorporate externalities, we show that the firm’s social optimal investment in cyber security increases by no more than 37 % of the...
Reprinted from Journal of Accounting and Public Policy, 25/6, Kjell Hausken, Income, interdependence...
With billions of dollars being spent on information security related products and services each year...
In this paper, we assume the security level of a system is a quantifiable metric and apply the insur...
Economic agents make rational cybersecurity investment decisions considering the costs and the benef...
We present an economic model for decisions on competing cyber-security and cyber-insurance investmen...
200 p.Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2006.In Chapter 4, we study a mode...
This paper develops a theory of sequential investments in cybersecurity in which the software vendor...
A model is developed which demonstrates that control systems for investments in information security...
The level of firms\u27 information security investment has recently become a critical issue in the m...
Information security is becoming an increasingly serious problem faced by many enterprises and organ...
With the continuing growth of the use of the Internet for business purposes, the consequences of a p...
The conventional wisdom is that this country’s privately owned critical infrastructure—banks, teleco...
Information security breaches are increasingly motivated by fraudulent and criminal motives. Reducin...
A model is presented wherein cybercrimes are addressed through a combination of private and public m...
With billions of dollars being spent on information security related products and services each year...
Reprinted from Journal of Accounting and Public Policy, 25/6, Kjell Hausken, Income, interdependence...
With billions of dollars being spent on information security related products and services each year...
In this paper, we assume the security level of a system is a quantifiable metric and apply the insur...
Economic agents make rational cybersecurity investment decisions considering the costs and the benef...
We present an economic model for decisions on competing cyber-security and cyber-insurance investmen...
200 p.Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2006.In Chapter 4, we study a mode...
This paper develops a theory of sequential investments in cybersecurity in which the software vendor...
A model is developed which demonstrates that control systems for investments in information security...
The level of firms\u27 information security investment has recently become a critical issue in the m...
Information security is becoming an increasingly serious problem faced by many enterprises and organ...
With the continuing growth of the use of the Internet for business purposes, the consequences of a p...
The conventional wisdom is that this country’s privately owned critical infrastructure—banks, teleco...
Information security breaches are increasingly motivated by fraudulent and criminal motives. Reducin...
A model is presented wherein cybercrimes are addressed through a combination of private and public m...
With billions of dollars being spent on information security related products and services each year...
Reprinted from Journal of Accounting and Public Policy, 25/6, Kjell Hausken, Income, interdependence...
With billions of dollars being spent on information security related products and services each year...
In this paper, we assume the security level of a system is a quantifiable metric and apply the insur...