Difference between revisions of "Cybersecurity"

From Cybersecurity Wiki
Jump to navigation Jump to search
Line 11: Line 11:
* Issues: [[Economics of Cybersecurity]]; [[Incentives]]; [[Risk Management and Investment]]
* Issues: [[Economics of Cybersecurity]], [[Incentives]], [[Risk Management and Investment]]
==Key Words==  
==Key Words==  

Revision as of 14:18, 17 June 2010

Full Title of Reference

Cybersecurity: Stakeholder Incentives, Externalities, and Policy Options

Full Citation

Johannes M. Bauer and Michel J.G. van Eeten, Cybersecurity: Stakeholder Incentives, Externalities, and Policy Options (2009) Telecommunications Policy, Vol. 33, No. 10. Purchase



Key Words


Cybercrime, Cybersecurity, Externalities, Information Security Policy, Regulation, Security Incentives


Information security breaches are increasingly motivated by fraudulent and criminal motives. Reducing their considerable costs has become a pressing issue. Although cybersecurity has strong public good characteristics, most information security decisions are made by individual stakeholders. Due to the interconnectedness of cyberspace, these decentralized decisions are afflicted with externalities that can result in sub-optimal security levels. Devising effective solutions to this problem is complicated by the global nature of cyberspace, the interdependence of stakeholders, as well as the diversity and heterogeneity of players. The paper develops a framework for studying the co-evolution of the markets for cybercrime and cybersecurity. It examines the incentives of stakeholders to provide for security and their implications for the ICT ecosystem. The findings show that market and non-market relations in the information infrastructure generate many security-enhancing incentives. However, pervasive externalities remain that can only be corrected by voluntary or government-led collective measures.

Additional Notes and Highlights