Is Cybersecurity a Public Good? Evidence from the Financial Services Industry

This article examines whether or not cybersecurity is a public good, and thus is underproduced, especially among the financial services sector. The article also applies government failure, market failure, public goods, and externalities to cyber security. The authors conclude that cybersecurity is not purely a public good because of all the money and resources being dedicated to cybersecurity. Firms do not appear to be free riding off of other firms but are investing in it themselves because of the high return. When government regulation interferes with the private sector, then cybersecurity is likely to be over-produced. The authors conclude that protection against cyberterrorism does not require government cooperation, and that cybersecurity is being adequately provided in the private sector.