nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Cyber-Warranties as a Quality Signal for Information Security Products

verfasst von : Daniel W. Woods, Andrew C. Simpson

Erschienen in: Decision and Game Theory for Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Consumers struggle to distinguish between the quality of different enterprise security products. Evaluating performance is complicated by the stochastic nature of losses. It is recognised that this information asymmetry may lead to a “market for lemons” in which suppliers face no incentive to provide higher quality products. Some security vendors have begun to offer cyber-warranties—voluntary ex-ante obligations to indemnify the customer in the event of a cyber attack—to function as a quality signal. Much like how consumer protection laws are relatively more costly to firms offering low quality products, cyber-warranties are more costly for firms developing low quality enterprise security products. In this paper, we introduce a decision-theoretic model to explore how consumers might use cyber-warranties to increase information when purchasing security products. Our analysis derives four inferences that consumers can make about a security product. We discuss the difficulties customers might face in using these inferences to make real world decisions.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Impact of Privacy on Free Online Service Markets

Nächstes Kapitel Game Theoretic Security Framework for Quantum Key Distribution

https://www.armor.com/cyber-warranty/.

https://www.sentinelone.com/press/sentinelone-establishes-1-million-cyber-threat-protection-guarantee/.

Akerlof, G.A.: The market for “lemons”: quality uncertainty and the market mechanism. In: Diamond, P., Rothschild, A. (eds.) Uncertainty in Economics, pp. 235–251. Elsevier, New York (1978)CrossRef

Anderson, R., Moore, T.: The economics of information security. Science 314(5799), 610–613 (2006)CrossRef

Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, Hoboken (2010)

Arrow, K.J.: Uncertainty and the welfare economics of medical care (American economic review, 1963). J. Health Polit. Policy Law 26(5), 851–883 (2001)CrossRef

Bandyopadhyay, T., Mookerjee, V.S., Rao, R.C.: Why IT managers don’t go for cyber-insurance products. Commun. ACM 52(11), 68–73 (2009)CrossRef

Bertrand, J.: Theorie mathematique de la richesse sociale. J. des Savants 499–508 (1883)

Biener, C., Eling, M., Wirfs, J.H.: Insurability of cyber risk: an empirical analysis. Geneva Pap. Risk Insur. Issues Pract. 40(1), 131–158 (2015)CrossRef

Böhme, R.: Cyber-insurance revisited. In: Proceedings of The 4th Workshop on the Economics of Information Security (WEIS 2005) (2005)

Böhme, R., Moore, T.: The “iterated weakest link” model of adaptive security investment. J. Inf. Secur. 7(2), 81–102 (2016)

10.

Böhme, R., Schwartz, G.: Modeling cyber-insurance: towards a unifying framework. In: Proceedings of The 9th Workshop on the Economics of Information Security (WEIS 2010) (2010)

11.

Caulfield, T., Ioannidis, C., Pym, D.: The US vulnerabilities equities process: an economic perspective. In: Rass, S., An, B., Kiekintveld, C., Fang, F., Schauer, S. (eds.) Decision and Game Theory for Security. LNCS, vol. 10575, pp. 131–150. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68711-7_8CrossRef

12.

Dodds, W.B., Monroe, K.B., Grewal, D.: Effects of price, brand, and store information on buyers’ product evaluations. J. Mark. Res. 28(3), 307–319 (1991)CrossRef

13.

Franke, U.: The cyber insurance market in Sweden. Comput. Secur. 68, 130–144 (2017)CrossRef

14.

Fultz, N., Grossklags, J.: Blue versus red: towards a model of distributed security attacks. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 167–183. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03549-4_10CrossRef

15.

Gemignani, M.C.: Product liability and software. Rutgers Comput. Technol. J. 8, 173 (1980)

16.

Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Trans. Inf. Syst. Secur. (TISSEC) 5(4), 438–457 (2002)CrossRef

17.

Heitzenrater, C., Simpson, A.C.: A case for the economics of secure software development. In: Proceedings of the 2016 New Security Paradigms Workshop, pp. 92–105. ACM (2016)

18.

Herley, C., Florêncio, D.: Nobody sells gold for the price of silver: Dishonesty, uncertainty and the underground economy. In: Moore, T. (ed.) Economics of Information Security and Privacy, pp. 33–53. Springer, Boston (2010). https://doi.org/10.1007/978-1-4419-6967-5_3CrossRef

19.

Johnson, B., Böhme, R., Grossklags, J.: Security games with market insurance. In: Baras, J.S., Katz, J., Altman, E. (eds.) GameSec 2011. LNCS, vol. 7037, pp. 117–130. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25280-8_11CrossRefMATH

20.

Kesan, J., Majuca, R., Yurcik, W.: Cyberinsurance as a market-based solution to the problem of cybersecurity: a case study. In: Proceedings of The 4th Workshop on the Economics of Information Security (WEI 2005) (2005)

21.

Khalili, M.M., Liu, M., Romanosky, S.: Embracing and controlling risk dependency in cyber-insurance policy underwriting. In: Proceedings of The 17th Workshop on the Economics of Information Security (WEIS 2018) (2018)

22.

Kotulic, A.G., Clark, J.G.: Why there aren’t more information security research studies. Inf. Manage. 41(5), 597–607 (2004)CrossRef

23.

Laszka, A., Farhang, S., Grossklags, J.: On the economics of ransomware. In: Rass, S., An, B., Kiekintveld, C., Fang, F., Schauer, S. (eds.) Decision and Game Theory for Security. LNCS, vol. 10575, pp. 397–417. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68711-7_21CrossRef

24.

Laszka, A., Grossklags, J.: Should cyber-insurance providers invest in software security? In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 483–502. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24174-6_25CrossRef

25.

Manshaei, M.H., Zhu, Q., Alpcan, T., Bacşar, T., Hubaux, J.P.: Game theory meets network security and privacy. ACM Comput. Surv. (CSUR) 45(3), 25 (2013)CrossRef

26.

Pal, R., Golubchik, L.: Analyzing self-defense investments in internet security under cyber-insurance coverage. In: Proceedings of the IEEE 30th International Conference on Distributed Computing Systems (ICDCS2010), pp. 339–347. IEEE (2010)

27.

Polinsky, A.M., Shavell, S.: The uneasy case for product liability. Harvard Law Rev. 123, 1437–1491 (2009)

28.

Rao, A.R., Qu, L., Ruekert, R.W.: Signaling unobservable product quality through a brand ally. J. Mark. Res. 36(2), 258–268 (1999)CrossRef

29.

Romanosky, S., Ablon, L., Kuehn, A., Jones, T.: Content analysis of cyber insurance policies: how do carriers write policies and price cyber risk? In: Proceedings of The 16th Workshop on the Economics of Information Security (WEIS 2017) (2017)

30.

Rustad, M.L., Koenig, T.H.: The tort of negligent enablement of cybercrime. Berkeley Tech. Law J. 20, 1553 (2005)

31.

Ryan, D.J., Heckman, C.: Two views on security software liability. let the legal system decide. IEEE Secur. Priv. 99(1), 70–72 (2003)CrossRef

32.

Schneier, B.: Insurance and the computer industry. Commun. ACM 44(3), 114–114 (2001)CrossRef

33.

Scott, M.D.: Tort liability for vendors of insecure software: has the time finally come. Maryland Law Rev. 67, 425 (2007)

34.

Shapiro, C., Varian, H.R.: Information Rules: A Strategic Guide to the Network Economy. Harvard Business Press, Boston (1998)

35.

Tanaka, H., Matsuura, K., Sudoh, O.: Vulnerability and information security investment: an empirical analysis of e-local government in Japan. J. Acc. Public Policy 24(1), 37–59 (2005)CrossRef

36.

Woods, D., Agrafiotis, I., Nurse, J.R., Creese, S.: Mapping the coverage of security controls in cyber insurance proposal forms. J. Internet Serv. Appl. 8(1), 8 (2017)CrossRef

37.

Woods, D., Simpson, A.C.: Policy measures and cyber insurance: a framework. J. Cyber Policy 2(2), 209–226 (2017)CrossRef

38.

Zweifel, P., Eisen, R.: Insurance Economics. Springer Science, Heidelberg (2012). https://doi.org/10.1007/978-3-642-20548-4CrossRef

Titel: Cyber-Warranties as a Quality Signal for Information Security Products
verfasst von: Daniel W. Woods
Andrew C. Simpson
Verlag: Springer International Publishing
Buch: Decision and Game Theory for Security
Print ISBN: 978-3-030-01553-4

Electronic ISBN: 978-3-030-01554-1

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-030-01554-1_2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"