没有剑的契约:网络安全投资的市场激励

Vaibhav Garg
{"title":"没有剑的契约:网络安全投资的市场激励","authors":"Vaibhav Garg","doi":"10.2139/ssrn.3896578","DOIUrl":null,"url":null,"abstract":"Two decades of economics research has repeatedly made the assertion that organizations as well as individuals do not have adequate incentive to invest in cybersecurity. Absent security, associated costs are imposed on third parties rather than producers of insecurity. Cybersecurity is thus a private good with externalities, one that will require regulation to prevent market failure. Underlying this body of research is the assumption that all organizations have the same business drivers, a similar attack surface, and a uniformly informed consumer base. This paper questions these assumptions and outlines seven naturally occurring incentives for organizations to invest in cybersecurity. Furthermore, I provide examples of how these incentives have driven investment in cybersecurity across different sectors. While the applicability of these incentives differs both across and within sectors, any cybersecurity public policy interventions must consider the resulting nuances. Cybersecurity covenants established absent the sword of regulation may be both more effective and sustainable, as they evolve with the experience and exposure of the stakeholders.","PeriodicalId":11797,"journal":{"name":"ERN: Regulation (IO) (Topic)","volume":"128 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Covenants Without the Sword: Market Incentives for Cybersecurity Investment\",\"authors\":\"Vaibhav Garg\",\"doi\":\"10.2139/ssrn.3896578\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Two decades of economics research has repeatedly made the assertion that organizations as well as individuals do not have adequate incentive to invest in cybersecurity. Absent security, associated costs are imposed on third parties rather than producers of insecurity. Cybersecurity is thus a private good with externalities, one that will require regulation to prevent market failure. Underlying this body of research is the assumption that all organizations have the same business drivers, a similar attack surface, and a uniformly informed consumer base. This paper questions these assumptions and outlines seven naturally occurring incentives for organizations to invest in cybersecurity. Furthermore, I provide examples of how these incentives have driven investment in cybersecurity across different sectors. While the applicability of these incentives differs both across and within sectors, any cybersecurity public policy interventions must consider the resulting nuances. Cybersecurity covenants established absent the sword of regulation may be both more effective and sustainable, as they evolve with the experience and exposure of the stakeholders.\",\"PeriodicalId\":11797,\"journal\":{\"name\":\"ERN: Regulation (IO) (Topic)\",\"volume\":\"128 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-07-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ERN: Regulation (IO) (Topic)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2139/ssrn.3896578\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ERN: Regulation (IO) (Topic)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2139/ssrn.3896578","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

摘要

二十年的经济学研究一再表明,组织和个人都没有足够的动机投资网络安全。如果没有安全保障,相关成本就会强加给第三方,而不是不安全的制造者。因此,网络安全是一种具有外部性的私人商品,需要监管来防止市场失灵。这些研究的基础假设是,所有组织都有相同的业务驱动因素、相似的攻击面和一致的消费者基础。本文对这些假设提出了质疑,并概述了组织投资网络安全的七大自然诱因。此外,我还提供了一些例子,说明这些激励措施是如何推动不同行业的网络安全投资的。虽然这些激励措施的适用性在部门之间和部门内部都有所不同,但任何网络安全公共政策干预都必须考虑到由此产生的细微差别。在没有监管之剑的情况下建立的网络安全契约可能更有效、更可持续,因为它们会随着利益相关者的经验和曝光而发展。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Covenants Without the Sword: Market Incentives for Cybersecurity Investment
Two decades of economics research has repeatedly made the assertion that organizations as well as individuals do not have adequate incentive to invest in cybersecurity. Absent security, associated costs are imposed on third parties rather than producers of insecurity. Cybersecurity is thus a private good with externalities, one that will require regulation to prevent market failure. Underlying this body of research is the assumption that all organizations have the same business drivers, a similar attack surface, and a uniformly informed consumer base. This paper questions these assumptions and outlines seven naturally occurring incentives for organizations to invest in cybersecurity. Furthermore, I provide examples of how these incentives have driven investment in cybersecurity across different sectors. While the applicability of these incentives differs both across and within sectors, any cybersecurity public policy interventions must consider the resulting nuances. Cybersecurity covenants established absent the sword of regulation may be both more effective and sustainable, as they evolve with the experience and exposure of the stakeholders.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Sound GUPPI Safe Harbor: A Calibrated Unilateral Effects Screen for Horizontal Mergers with Differentiated Products Consolidation on Aisle Five: Effects of Mergers in Consumer Packaged Goods Optimal Exit Policy with Uncertain Demand Friends in High Places: Demand Spillovers and Competition on Digital Platforms The Ambiguous Competitive Effects of Passive Partial Forward Integration
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1