Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities

Information Systems Frontiers, 23 (3), 773-790, 2021

45 Pages Posted: 28 Mar 2022

See all articles by Chenglong Zhang

Chenglong Zhang

Chinese University of Hong Kong, Shenzhen

Nan Feng

Tianjin University - College of Management and Economics

Jianjian Chen

affiliation not provided to SSRN

Dahui Li

University of Colorado, Colorado Springs - College of Business; University of Minnesota - Duluth - Labovitz School of Business and Economics (LSBE)

Minqiang Li

Tianjin University - College of Management and Economics

Date Written: November 26, 2015

Abstract

Firms in a close business partnership could choose to either outsource to the same or different Managed Security Service Providers (MSSPs) when making outsourcing decisions. Apart from security investments, compensation ratios, and network externalities, the firms in a close business partnership face the new challenge of correlated loss when making the outsourcing decisions. We first show that if the two firms in the business partnership outsource to the same MSSP, the security investments on the two firms are greater under positive externalities and vice versa. More importantly, we further find out that under positive externality the two firms are better off outsourcing to the same MSSP if the correlated loss level is lower (greater) than a threshold when the compensation ratios are less (greater) than 1; under negative externality the two firms are better off outsourcing to the same MSSP if the correlated loss level is lower (greater) than a threshold when the compensation ratios are greater (less) than 1. Our analytical results offer important managerial implications to firms in a close business partnership when deciding on their outsourcing strategies.

Keywords: Information Security, Outrsourcing, MSSP, Externality, Correlated Losses

JEL Classification: D21

Suggested Citation

Zhang, Chenglong and Feng, Nan and Chen, Jianjian and Li, Dahui and Li, Minqiang, Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities (November 26, 2015). Information Systems Frontiers, 23 (3), 773-790, 2021, Available at SSRN: https://ssrn.com/abstract=4044223

Chenglong Zhang (Contact Author)

Chinese University of Hong Kong, Shenzhen ( email )

2001 Longxiang Road, Longgang District
Shenzhen, 518172
China

Nan Feng

Tianjin University - College of Management and Economics ( email )

NO.92 Weijin Road
Nankai District
Tianjin, 300072
China

Jianjian Chen

affiliation not provided to SSRN

Dahui Li

University of Colorado, Colorado Springs - College of Business ( email )

1420 Austin Bluffs Parkway
Colorado Springs, CO 80933-7150
United States

University of Minnesota - Duluth - Labovitz School of Business and Economics (LSBE) ( email )

412 Library Drive
Duluth, MN 55812-2496
United States

Minqiang Li

Tianjin University - College of Management and Economics ( email )

NO.92 Weijin Road
Nankai District
Tianjin, 300072
China

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
38
Abstract Views
213
PlumX Metrics