Vulnerability and Information Security Investment Under Interdependent Risks: A Theoretical Approach
18 Pages Posted: 4 May 2011
Date Written: May 4, 2011
This article develops an economic model that shows the optimal level of information security investment in the context of interdependent security risks. Using particular functional forms, the analysis shows that the relationship between the security vulnerability level and the level of optimal information security investment is affected by externalities caused by agents’ correlated security risks. This article further illustrates that these externalities make an agent invest a different fraction of the expected loss compared to security investments in the situation of independent security risks: that is, in order to maximize the expected benefits from security investments, an agent should invest a larger fraction of the expected loss from a security breach in the case of negative externalities, while an agent should spend a smaller fraction of the expected loss in the case of negative externalities.
Keywords: interdependent security risk, security investment, security vulnerability, externality
Suggested Citation: Suggested Citation