Computer Security Journal, Vol. XIX, No. 2, Spring, 2003
16 Pages Posted: 31 May 2012
Date Written: May 31, 2003
This paper examines the deferment option explanation for why information security breaches are so prevalent. Our examination will focus on security breaches within major U.S. corporations and will include some empirical evidence to support our discussion. As will be seen, the evidence presented supports the argument that the ubiquitous nature of security breaches is due, at least in part, to the wait-and-see (i.e., deferment option) approach of many senior managers. This article will also show why such an approach is quite rational from an economics perspective.
Keywords: Information Security, Real Options
Suggested Citation: Suggested Citation
Gordon, Lawrence A. and Loeb, Martin P. and Lucyshyn, William, Information Security Expenditures and Real Options: A Wait-and-See Approach (May 31, 2003). Computer Security Journal, Vol. XIX, No. 2, Spring, 2003. Available at SSRN: https://ssrn.com/abstract=1375460