Why Companies Have Little Incentive to Invest in Cybersecurity

SonyBy Benjamin Dean

The Conversation

Another month, another data breach, and another set of proposals for what is seemingly an intensifying cyberattack problem.

When we examine the evidence, though, the actual expenses from the recent and high-profile breaches at Sony, Target and Home Depot amount to less than 1% of each company’s annual revenues. After reimbursement from insurance and minus tax deductions, the losses are even less.

This indicates that the financial incentives for companies to invest in greater information security are low and suggests that government intervention might be needed.

To date, though, few of the policy proposals aimed at improving information security are directed towards the root cause of this problem. Rather than creating incentives for companies to invest in better information security, the Australian, UK and US government proposals are for more information sharing than securing. In all cases, this sharing is to be done with intelligence agencies. Why is this and what does it tell us about what the real cyberthreat to our information is?

We have a market failure relating to asymmetric information, which results in the problem of “moral hazard” for private companies in the area of information security. Moral hazard occurs when one person or organization takes greater risks because others bear the burden or costs of those risks.

For an example, credit and debit card providers incurred the most costly part of the Home Depot breach. Credit unions claim to have spent $60 million in September 2014 alone replacing compromised cards. Each customer whose card had to be replaced also incurred a cost in terms of inconvenience.

It therefore does not make economic sense for companies like Home Depot to make large investments in information security. As a result, they do not. The insurance pay-outs and tax deductible breach-related expenses weaken the incentives even more.

Continue to full article . . .

Picture: Jaberwokkee (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)%5D, via Wikimedia Commons

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.