Ex Ante and Ex Post Investments in Cybersecurity

Lam, Wing Man Wynne (2014) Ex Ante and Ex Post Investments in Cybersecurity. TSE Working Paper, n. 14-519

[img]
Preview
Text
Download (511kB) | Preview
Official URL: http://tse-fr.eu/pub/28400

Abstract

This paper develops a theory of sequential investments in cybersecurity in which the software vendor can invest ex ante and ex post. The regulator can use safety standards and liability rules as means of increasing security. A standard is a minimum level of safety, and a liability rule states the amount of damage each party is liable for. I show that the joint use of an optimal standard and a full liability rule leads to underinvestment ex ante and overinvestment ex post because the software vendor does not suffer the full costs of the society in case of security failure. Instead, switching to a partial liability rule can correct the inefficiencies. This suggests that to improve security, the regulator should encourage not only the firms, but also the enterprises to invest in security. I also discuss the effect of network externality and explain why firms engage in "vaporware".

Item Type: Monograph (Working Paper)
Language: English
Date: August 2014
Uncontrolled Keywords: cybersecurity, sequential investment, standards, liability
JEL codes: L1 - Market Structure, Firm Strategy, and Market Performance
L8 - Industry Studies - Services
Subjects: B- ECONOMIE ET FINANCE
Divisions: TSE-R (Toulouse)
Site: UT1
Date Deposited: 16 Mar 2015 14:49
Last Modified: 07 Mar 2018 13:23
OAI ID: oai:tse-fr.eu:28400
URI: http://publications.ut-capitole.fr/id/eprint/16553

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year