 Attack-prevention and damage-control investments in cybersecurityWing Man Wynne Lam Information Economics and Policy, 2016, vol. 37, issue C, 42-51 Abstract: This paper examines investments in cybersecurity made by users and software providers with a focus on the latter's concerning attack prevention and damage control. I show that full liability, whereby the provider is liable for all damage, is inefficient, owing namely to underinvestment in attack prevention and overinvestment in damage control. On the other hand, the joint use of an optimal standard, which establishes a minimum compliance framework, and partial liability can restore efficiency. Implications for cybersecurity regulation and software versioning are discussed. Keywords: Cybersecurity; Investment; Standard; Liability; Bilateral care (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:eee:iepoli:v:37:y:2016:i:c:p:42-51 DOI: 10.1016/j.infoecopol.2016.10.003 Access Statistics for this article Information Economics and Policy is currently edited by D. Waterman More articles in Information Economics and Policy from Elsevier |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.