Cyber Risk and Security Investment
41 Pages Posted: 17 Mar 2022 Last revised: 7 Jul 2023
Date Written: July 6, 2023
We develop a model in which firms invest in cybersecurity to protect themselves and their clients from cyber attacks. Since security investment is unobservable, firms signal their investment to attract clients. We derive testable implications for the probability of a successful cyber attack, firm security investment, and the intensity and modality of cyber attacks. To improve efficiency, a regulator can impose a minimum level of security investment or legislate consumer protection that induces firms to invest the constrained-efficient amount in cyber security. Overall, our results support regulatory efforts to increase transparency around cyber security.
Keywords: Cyber security, financial markets, platforms, ransomware, principal-agent
JEL Classification: G10, G28
Suggested Citation: Suggested Citation