The Market Consequences of Cybersecurity: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
No edit summary
 
(7 intermediate revisions by 2 users not shown)
Line 11: Line 11:
==Categorization==
==Categorization==


Issues: [[Economics of Cybersecurity]]
Issues: [[Economics of Cybersecurity]]; [[Incentives]]


==Key Words==  
==Key Words==  


[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Internet_Service_Providers internet service providers], [http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Malware malware], [http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Risk_Management risk management]
[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Internet_Service_Providers Internet Service Providers], [http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Malware Malware],
[http://cyber.law.harvard.edu/cybersecurity/Glossary_of_Core_Ideas#Social_Engineering Social Engineering]


==Synopsis==
==Synopsis==


This chapter asks the following questions: Are participants in the information and communication markets responding adequately to malware, or are improvements possible? Pointing to a variety of reports that show increases in malicious attack trends, one might conclude that markets are not responding adequately. The analysis revealed a more nuanced picture.
This chapter asks the following questions: Are participants in the information and communication markets responding adequately to malware, or are improvements possible? Pointing to a variety of reports that show increases in malicious attack trends, one might conclude that markets are not responding adequately. The analysis revealed a more nuanced picture.


==Additional Notes and Highlights==
==Additional Notes and Highlights==


  '''Outline:'''
'''Outline:'''
 
   '''Three major categories of externalities'''
   '''Three major categories of externalities'''
     Category 1: No externalities; market participants absorb all the costs of their security decisions.
     Category 1: No externalities; market participants absorb all the costs of their security decisions.
Line 33: Line 32:
     Category 3: Externalities are borne fully by other market participants or by society at large.
     Category 3: Externalities are borne fully by other market participants or by society at large.
     ''The case of lax security by end users''
     ''The case of lax security by end users''
  ''' Distributional and efficiency effects'''
  ''' Distributional and efficiency effects'''
  ''' Survey results on the costs of malware'''  
  ''' Survey results on the costs of malware'''  
   '''Key findings'''
   '''Key findings'''

Latest revision as of 13:24, 18 June 2010

Full Title of Reference

The Market Consequences of Cybersecurity: Defining Externalities and Ways to Address Them

Full Citation

OECD, The Market Consequences of Cybersecurity: Defining Externalities and Ways to Address Them, in Computer Viruses and Other Malicious Software (OECD, 2009). Purchase

BibTeX

Categorization

Issues: Economics of Cybersecurity; Incentives

Key Words

Internet Service Providers, Malware, Social Engineering

Synopsis

This chapter asks the following questions: Are participants in the information and communication markets responding adequately to malware, or are improvements possible? Pointing to a variety of reports that show increases in malicious attack trends, one might conclude that markets are not responding adequately. The analysis revealed a more nuanced picture.

Additional Notes and Highlights

Outline:

 Three major categories of externalities
   Category 1: No externalities; market participants absorb all the costs of their security decisions.
   Category 2: Externalities are created, but they are borne by agents that can manage them.
    The ISP example
    The case of online financial services
   Category 3: Externalities are borne fully by other market participants or by society at large.
    The case of lax security by end users
 Distributional and efficiency effects
 Survey results on the costs of malware 
 Key findings