An Introduction to Key Themes in the Economics of Cyber Security

Economic incentives impact information security in the realm of network effects, but especially in the realm of security externalities. Because the cost of a spreading virus is diffuse, each user has less of an incentive to purchase secure technology. This creates a free-rider problem because when someone adds protection to his computer, he is increasing the security of other users, and individuals will choose less security than the socially optimal. In economics, this is called a “positive externality.” Network effects arise when a large number of firms or consumers purchase the same type of security software, or “coalesce” around that software. This is usually viewed as beneficial to those who have grouped around a standard, but this could hinder security because of the success of the network. Uses Computer Emergency Response Team/Coordination Center (CERT/CC) and uses data from the National Vulnerability Database (NVD).