 Ex Ante and Ex Post Investments in CybersecurityWing Man Wynne Lam No 14-519, TSE Working Papers from Toulouse School of Economics (TSE) Abstract: This paper develops a theory of sequential investments in cybersecurity in which the software vendor can invest ex ante and ex post. The regulator can use safety standards and liability rules as means of increasing security. A standard is a minimum level of safety, and a liability rule states the amount of damage each party is liable for. I show that the joint use of an optimal standard and a full liability rule leads to underinvestment ex ante and overinvestment ex post because the software vendor does not suffer the full costs of the society in case of security failure. Instead, switching to a partial liability rule can correct the inefficiencies. This suggests that to improve security, the regulator should encourage not only the firms, but also the enterprises to invest in security. I also discuss the effect of network externality and explain why firms engage in "vaporware". Keywords: cybersecurity; sequential investment; standards; liability (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:tse:wpaper:28400 Access Statistics for this paper More papers in TSE Working Papers from Toulouse School of Economics (TSE) Contact information at EDIRC. |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.