Cybersecurity and Moral Hazard

43 Pages Posted: 19 Oct 2017 Last revised: 6 Apr 2020

See all articles by Jeffrey Vagle

Jeffrey Vagle

Georgia State University College of Law; Stanford University - Stanford Law School Center for Internet and Society

Date Written: October 21, 2017


Our everyday lives are laced, often invisibly, with connected technologies, making the security of those devices and the data they carry increasingly important in ways that we may not have expected only recently. But when it comes to addressing the risks of cybersecurity, our institutions have largely failed us, due in large part to the moral hazard inherent to our approach to the manufacture of connected technologies. That is, technology manufacturers and resellers are richly rewarded for innovations that carry with them heightened security risks, while users of these technologies are often left bearing the bulk of the costs associated with those risks when they are later, inevitably, exploited.

The moral hazard of cybersecurity has its roots in our institutional support for favoring technology innovation over product maintenance, especially in the low profit margin world of Internet of Things connected devices. Because the rapid advances in connected technologies continue to yield economic benefits to technology manufacturers, our political, educational, and legal institutions are geared toward the continuation of these advances at the cost of greater security risk, borne mainly by the users of these technologies. These institutional failures to address cybersecurity’s moral risk fall under three categories: economic, epistemological, and ethical. This Article argues that cybersecurity’s moral hazard problem will only be addressed when these categories, and their corresponding risks and costs, are properly accounted for.

Suggested Citation

Vagle, Jeffrey, Cybersecurity and Moral Hazard (October 21, 2017). Stanford Technology Law Review, Vol. 23, 2020, Available at SSRN: or

Jeffrey Vagle (Contact Author)

Georgia State University College of Law ( email )

P.O. Box 4037
Atlanta, GA 30302-4037
United States
404.413.9173 (Phone)

Stanford University - Stanford Law School Center for Internet and Society ( email )

559 Nathan Abbott Way
Stanford, CA 94305-8610
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics