Why Information Security is Hard – An Economic Perspective

This article stresses the importance of macroeconomic considerations and network externalities that play a significant role in the preservation of information security. According to the author, a security system will only be as strong as the desire of a company to stay away from security breaches. This desire is often heavily dependent on the accompanying laws. One example that was mentioned in the article, and which I feel was quite interesting, was how the banks in the U.S. took the security of their ATMs very seriously. The primary reason was that the burden of proof with respect to a disputed transaction lied with the bank and not the customer. On the contrary, the banks in other countries including the Netherlands, Norway and Britain did not take the security issue very seriously. Consequently, these countries became the target of ATM frauds. The article is concluded on the note that often times, it is the external factors/incentives that control the security of a system.