Efficient Cyber Risk: Security and Competition in Financial Markets
59 Pages Posted: 12 Mar 2020 Last revised: 16 Jun 2020
Date Written: February 12, 2020
In financial markets, clients entrust their capital and data to financial infrastructure providers who are vulnerable to breaches. We develop a model in which infrastructure providers compete to provide secure and efficient client services, in the presence of a cyber-attacker. In equilibrium, provider competition leads to both lower fees and security investment, but potentially greater vulnerability, in comparison to a monopolistic platform. We find that providers prefer to consolidate into a single platform, whereas clients prefer a fragmented infrastructure. The inefficiency of consolidated providers stems from under-investment in security when the market is small, and over-investment when the market is large. Policy makers should be wary of consolidation of critical financial infrastructure, as the impacts to security do not compensate clients for the increase in fees. Instead, minimum security investment requirements may improve security in competitive environments while yielding higher utility than the comparable monopoly platform.
Keywords: cyber risk, regulation, principal-agent, market structure, competition
JEL Classification: C7, C72, D4, G18, G2, G20, G21, G23
Suggested Citation: Suggested Citation