Information security decisions of firms considering security risk interdependency. (15th September 2021)
- Record Type:
- Journal Article
- Title:
- Information security decisions of firms considering security risk interdependency. (15th September 2021)
- Main Title:
- Information security decisions of firms considering security risk interdependency
- Authors:
- Wu, Yong
Wang, Linping
Cheng, Dong
Dai, Tao
- Abstract:
- Highlights: We discuss firms' security decisions by considering two types of risk interdependency. The degree of complementation and substitution lower firm's effort level. Technical similarity enhances (reduces) complementary (substitutable) firm's effort. We propose two incentive mechanisms to eliminate the negative effects of risk interdependency.
Abstract: Information security management becomes more challenging nowadays due to the diverse security risk interdependency between firms. Prior researches rarely consider the impact of risk interdependency on security decisions. This paper comprehensively considers two types of security risk interdependency caused by the nature of information assets and the technical similarity. We find that it is necessary to distinguish the complementary and substitutable information assets since they have different effects on the firm's investment incentive. As for the risk interdependency caused by the nature of the information assets, although both the high complementation degree and high substitution degree inhibit firms' incentives to invest, the underlying reasons are different. Besides, for another risk interdependency, the technical similarity enhances the investment incentive of the complementary firms but suppresses that of the substitutable firms. Moreover, the free-riding problem is unavoidable when the firm makes security decisions independently. Thus, we propose two efficient mechanisms to coordinate the firm's investment incentive: the effort-based mechanism and the liability-based mechanism. The effort-based mechanism demands the firm obtain a reward from its cooperative firm according to its security effort level. The liability-based mechanism demands the breached firm take the liability by compensating the non-breached firm. We find that both two mechanisms are efficient, and could guide firms to solve the problem of opportunism and shirking responsibility in practice. Finally, for generality, we extend our model to an asymmetric case and find that most of the results are robust.
- Is Part Of:
- Expert systems with applications. Volume 178(2021)
- Journal:
- Expert systems with applications
- Issue:
- Volume 178(2021)
- Issue Display:
- Volume 178, Issue 2021 (2021)
- Year:
- 2021
- Volume:
- 178
- Issue:
- 2021
- Issue Sort Value:
- 2021-0178-2021-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-09-15
- Subjects:
- Complementation -- Substitution -- Technical similarity -- Security effort -- Incentive mechanism
Expert systems (Computer science) -- Periodicals
Systèmes experts (Informatique) -- Périodiques
Electronic journals
006.33
- Journal URLs:
- http://www.sciencedirect.com/science/journal/09574174
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.eswa.2021.114990
- Languages:
- English
- ISSNs:
- 0957-4174
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3842.004220
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16876.xml