Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement
Debabrata Dey,
Abhijeet Ghoshal and
Atanu Lahiri
Additional contact information
Debabrata Dey: Foster School of Business, University of Washington, Seattle, Washington 98195
Abhijeet Ghoshal: Gies College of Business, University of Illinois, Champaign, Illinois 61820
Atanu Lahiri: Jindal School of Management, University of Texas, Dallas, Texas 75080
Management Science, 2022, vol. 68, issue 4, 2914-2931
Abstract:
The role of education and enforcement in ensuring compliance with a law or policy has been debated for more than a century now. We reopen this debate in the context of security circumvention by employees, currently a leading cause of information security and privacy breaches. Drawing on prior literature, we develop a microeconomic framework that captures employees’ circumventing behavior in the face of security controls. This allows us to obtain interesting insights that have implications for how an organization should employ anticircumvention measures. First, unless circumvention is rampant, education and enforcement often work better in combination, and not in isolation. Second, there are incentives for an organization to tolerate circumvention to an extent, even when education and enforcement are cheap. Finally, education and enforcement may be strategic complements or substitutes in different parts of the parameter space. When they are complements, if a change in cost parameters compels the organization to increase one, it would also require an increase in the other in lockstep. In contrast, when they are substitutes, an increase in one is associated with a decrease in the other.
Keywords: IT security; privacy; circumvention; education; enforcement; economics of IS
Date: 2022
Downloads:
http://dx.doi.org/10.1287/mnsc.2021.4027 (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:inm:ormnsc:v:68:y:2022:i:4:p:2914-2931