Software security is an important concern for vendors, consumers, and regulators, since attackers who exploit vulnerabilities can cause significant damage. In this brief paper, I discuss key themes in the budding literature on the economics of cyber-security. My primary focus is on how economic incentives affect the major issues and themes in information security. Two important themes relevant to the economics of cyber-security are (i) a security externality and (ii) a network effect that arises in the case of computer software. A nascent economics literature has begun to examine the interaction between vulnerability disclosure, patching, product prices and profits.

The two fundamentals of cybersecurity economics addressed here are the "security externality" and the "network effect."

  • Security Externality:

Unprotected computers are vulnerable to being used by hackers to attack other computers. Each user lacks sufficient incentive to protect his own system against viruses, since the cost of the virus spreading is borne by others. That is, computer security is characterized by a positive “externality.” If I take more precautions to protect my computer, I enhance the security of other users as well as my own. Such settings lead to a classic free-rider problem. In the absence of a market for security, individuals will choose less security than is socially optimal.
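The free-rider argument above can be made concrete with a small numerical model. The following is an added example, not part of the original paper; the functional form and every parameter value (N, D, S, LOSS, COST) are assumptions chosen for illustration. It compares the protection effort each user picks on his own with the effort that minimizes everyone's cost.

```python
# Added illustration: a symmetric security-investment game.
# All parameter values are assumptions, not figures from the paper.
N = 10        # users on the network
D = 0.2       # chance an unprotected machine is compromised directly
S = 0.1       # chance a compromised machine is then used against a given peer
LOSS = 10.0   # loss to a user whose machine is compromised
COST = 5.0    # protection effort x in [0, 1] costs COST * x**2 / 2


def safe_from_peer(x):
    """Probability that one peer exerting effort x does not infect me."""
    return 1 - S * D * (1 - x)


def user_cost(own, others):
    """Expected cost to one user: effort cost plus expected loss."""
    p_safe = (1 - D * (1 - own)) * safe_from_peer(others) ** (N - 1)
    return COST * own ** 2 / 2 + LOSS * (1 - p_safe)


def best_response(others):
    """Effort minimizing my own cost, taking the peers' effort as given.
    First-order condition: COST * x = LOSS * D * safe_from_peer(others)**(N-1).
    """
    x = LOSS * D * safe_from_peer(others) ** (N - 1) / COST
    return min(1.0, max(0.0, x))


def nash_effort(max_iter=1000, tol=1e-12):
    """Symmetric equilibrium: iterate best responses to a fixed point."""
    x = 0.5
    for _ in range(max_iter):
        nxt = best_response(x)
        if abs(nxt - x) < tol:
            break
        x = nxt
    return nxt


def social_effort(steps=1000):
    """Common effort minimizing per-user cost when everyone moves together,
    so the protection each user gives to others is counted."""
    grid = [i / steps for i in range(steps + 1)]
    return min(grid, key=lambda x: user_cost(x, x))


if __name__ == "__main__":
    xn, xs = nash_effort(), social_effort()
    print(f"individual choice {xn:.3f}, cost per user {user_cost(xn, xn):.3f}")
    print(f"social optimum    {xs:.3f}, cost per user {user_cost(xs, xs):.3f}")
```

With these assumed values each user, acting alone, chooses roughly half the effort that would minimize total cost, and every user ends up worse off than under the coordinated choice.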

  • Network Effects:

A network effect arises in computer software. The benefits of computer software typically depend on the number of consumers who purchase licenses to the same or compatible software. A direct network effect exists when increases in the number of consumers on the network raise the value of the good or service for everyone on the network. The most common examples are communication networks such as telephone and email networks.

Network effects are typically thought to benefit consumers and firms that have coalesced around a standard. However, network effects may contribute to security problems. Large networks are more vulnerable to security breaches, precisely because of the success of the network. In part because of its large installed base, Microsoft’s Internet Explorer is likely more vulnerable to attack than Mosaic’s “Firefox” browser.

