Cybersecurity and Moral Hazard
43 Pages. Posted: 19 Oct 2017. Last revised: 6 Apr 2020.
Date Written: October 21, 2017
Our everyday lives are laced, often invisibly, with connected technologies, making the security of those devices and the data they carry increasingly important in ways that we may not have expected only recently. But when it comes to addressing the risks of cybersecurity, our institutions have largely failed us, due in large part to the moral hazard inherent to our approach to the manufacture of connected technologies. That is, technology manufacturers and resellers are richly rewarded for innovations that carry with them heightened security risks, while users of these technologies are often left bearing the bulk of the costs associated with those risks when they are later, inevitably, exploited.
The moral hazard of cybersecurity has its roots in our institutional support for favoring technology innovation over product maintenance, especially in the low profit margin world of Internet of Things connected devices. Because the rapid advances in connected technologies continue to yield economic benefits to technology manufacturers, our political, educational, and legal institutions are geared toward the continuation of these advances at the cost of greater security risk, borne mainly by the users of these technologies. These institutional failures to address cybersecurity’s moral risk fall under three categories: economic, epistemological, and ethical. This Article argues that cybersecurity’s moral hazard problem will only be addressed when these categories, and their corresponding risks and costs, are properly accounted for.