From Cybersecurity Wiki
Jump to navigation Jump to search

Full Title of Reference

Cybersecurity: Stakeholder Incentives, Externalities, and Policy Options

Full Citation

Johannes M. Bauer and Michel J.G. van Eeten, Cybersecurity: Stakeholder Incentives, Externalities, and Policy Options (2009) Telecommunications Policy, Vol. 33, No. 10. Purchase



Key Words


Cybercrime, Cybersecurity, Externalities, Information Security Policy, Regulation, Security Incentives


Information security breaches are increasingly motivated by fraudulent and criminal motives. Reducing their considerable costs has become a pressing issue. Although cybersecurity has strong public good characteristics, most information security decisions are made by individual stakeholders. Due to the interconnectedness of cyberspace, these decentralized decisions are afflicted with externalities that can result in sub-optimal security levels. Devising effective solutions to this problem is complicated by the global nature of cyberspace, the interdependence of stakeholders, as well as the diversity and heterogeneity of players. The paper develops a framework for studying the co-evolution of the markets for cybercrime and cybersecurity. It examines the incentives of stakeholders to provide for security and their implications for the ICT ecosystem. The findings show that market and non-market relations in the information infrastructure generate many security-enhancing incentives. However, pervasive externalities remain that can only be corrected by voluntary or government-led collective measures.

Additional Notes and Highlights