 Bilateral Liability-Based Contracts in Information Security OutsourcingKai-Lung Hui,
Ping Fan Ke (pfke@connect.ust.hk),
Yuxi Yao and
Wei T. Yue (wei.t.yue@cityu.edu.hk)
Information Systems Research, 2019, vol. 30, issue 2, 411-429 Abstract: We study the efficiency of bilateral liability-based contracts in managed security services (MSSs). We model MSS as a collaborative service with the protection quality shaped by the contribution of both the service provider and the client. We adopt the negligence concept from the legal profession to design two novel contracts: threshold-based liability contract and variable liability contract. We find that they can achieve the first best outcome when postbreach effort verification is feasible. More importantly, they are more efficient than a multilateral contract when the MSS provider assumes limited liability. Our results show that bilateral liability-based contracts can work in the real world. Hence, more research is needed to explore their properties. We discuss the related implications. The online appendix is available at https://doi.org/10.1287/isre.2018.0806 . Keywords: managed security service; liability-based contracts; negligence; auditing error; limited liability (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:inm:orisre:v:30:y:2019:i:2:p:411-429 Access Statistics for this article More articles in Information Systems Research from INFORMS Contact information at EDIRC. |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to econpapers@oru.se.
EconPapers is hosted by the
School of Business at Örebro University.