PDF iconDownload This Paper
Open PDF in Browser
Add Paper to My Library
Permalink
Using these links will ensure access to this page indefinitely
Copy URL
Copy DOI

Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements

Journal of Management Information Systems, Forthcoming

48 Pages Posted: 20 Apr 2010 Last revised: 6 Aug 2014

See all articles by Xia Zhao

Xia Zhao

University of North Carolina at Greensboro - Information Systems & Supply Chain Management

Ling Xue

Georgia State University

Andrew B. Whinston

University of Texas at Austin - Department of Information, Risk and Operations Management

Date Written: March 11, 2013

Abstract

The interdependency of information security risks often induces firms to invest inefficiently in IT security management. Cyberinsurance has been proposed as a promising solution to help firms optimize security spending. However, cyberinsurance is ineffective in addressing the investment inefficiency caused by risk interdependency. In this paper, we examine two alternative risk management approaches: risk pooling arrangements (RPAs) and managed security services (MSSs). We show that firms can use an RPA as a complement to cyberinsurance to address the overinvestment issue caused by negative externalities of security investments; however, the adoption of an RPA is not incentive-compatible for firms when the security investments generate positive externalities. We then show that the MSS provider (MSSP) serving multiple firms can internalize the externalities of security investments and mitigate the security investment inefficiency. As a result of risk interdependency, collective outsourcing arises as an equilibrium only when the total number of firms is small.

Keywords: information security, cyberinsurance, risk pooling, risk management, managed security service, economics of information systems

Suggested Citation

Zhao, Xia and Xue, Ling and Whinston, Andrew B., Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements (March 11, 2013). Journal of Management Information Systems, Forthcoming, Available at SSRN: https://ssrn.com/abstract=1593137 or http://dx.doi.org/10.2139/ssrn.1593137

Xia Zhao (Contact Author)

University of North Carolina at Greensboro - Information Systems & Supply Chain Management ( email )

401 Bryan Building
Greensboro, NC 27402-6179
United States

Ling Xue

Georgia State University ( email )

35 Broad Street
Atlanta, GA 30303-3083
United States

Andrew B. Whinston

University of Texas at Austin - Department of Information, Risk and Operations Management ( email )

CBA 5.202
Austin, TX 78712
United States
512-471-8879 (Phone)

PDF iconDownload This Paper
Open PDF in Browser

Do you have negative results from your research you’d like to share?

Submit Negative Results

Paper statistics

Downloads
249
Abstract Views
1,507
Rank
225,260
8 Citations
43 References
PlumX Metrics

Related eJournals

  • Risk Management eJournal

    Follow

    Risk Management eJournal

    Subscribe to this fee journal for more curated articles on this topic

    FOLLOWERS
    4,665
    PAPERS
    15,584
    This Journal is curated by:
    Robert Sales at Global Association of Risk Professionals

  • Economics of Networks eJournal

    Follow

    Economics of Networks eJournal

    Subscribe to this free journal for more curated articles on this topic

    FOLLOWERS
    2,706
    PAPERS
    14,764
    This Journal is curated by:
    Nicholas Economides at New York University - Leonard N. Stern School of Business - Department of Economics

  • Microeconomics: Decision-Making under Risk & Uncertainty eJournal

    Follow

    Microeconomics: Decision-Making under Risk & Uncertainty eJournal

    Subscribe to this fee journal for more curated articles on this topic

    FOLLOWERS
    833
    PAPERS
    8,054
    This Journal is curated by:
    Victor Ricciardi at Ursinus College

  • Innovation & Management Science eJournal

    Follow

    Innovation & Management Science eJournal

    Subscribe to this fee journal for more curated articles on this topic

    FOLLOWERS
    279
    PAPERS
    7,435

  • Innovation Law & Policy eJournal

    Follow

    Innovation Law & Policy eJournal

    Subscribe to this fee journal for more curated articles on this topic

    FOLLOWERS
    260
    PAPERS
    29,444

  • eBusiness & eCommerce eJournal

    Follow

    eBusiness & eCommerce eJournal

    Subscribe to this fee journal for more curated articles on this topic

    FOLLOWERS
    230
    PAPERS
    7,199
    This Journal is curated by:
    Erik Brynjolfsson at National Bureau of Economic Research (NBER), John Little at Massachusetts Institute of Technology (MIT), Xiaoquan (Michael) Zhang at Chinese University of Hong Kong

  • Information Systems: Behavioral & Social Methods eJournal

    Follow

    Information Systems: Behavioral & Social Methods eJournal

    Subscribe to this fee journal for more curated articles on this topic

    FOLLOWERS
    183
    PAPERS
    7,724

Recommended Papers