Tools
ToolsLam, Wing Man Wynne (2016) Attack-prevention and damage-control investments in cybersecurity. Information Economics and Policy, 37. pp. 42-51. ISSN 0167-6245
Preview |
PDF (Accepted manuscript)
- Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (360kB) | Preview |
Abstract
This paper examines investments in cybersecurity made by users and software providers with a focus on the latter's concerning attack prevention and damage control. I show that full liability, whereby the provider is liable for all damage, is inefficient, owing namely to underinvestment in attack prevention and overinvestment in damage control. On the other hand, the joint use of an optimal standard, which establishes a minimum compliance framework, and partial liability can restore efficiency. Implications for cybersecurity regulation and software versioning are discussed.
| Item Type: | Article |
|---|---|
| Uncontrolled Keywords: | cybersecurity,investment,standard,liability,bilateral care |
| Faculty \ School: | Faculty of Social Sciences > Norwich Business School |
| UEA Research Groups: | Faculty of Social Sciences > Research Centres > Centre for Competition Policy Faculty of Social Sciences > Research Groups > Responsible Business Regulation Group |
| Depositing User: | Pure Connector |
| Date Deposited: | 15 Sep 2017 05:07 |
| Last Modified: | 28 Jun 2025 00:30 |
| URI: | https://ueaeprints.uea.ac.uk/id/eprint/64881 |
| DOI: | 10.1016/j.infoecopol.2016.10.003 |
Downloads
Downloads per month over past year
Actions (login required)
 |
View Item |