So You Think You Are Safe: Implications of Quality Uncertainty in Security Software

50 Pages Posted: 24 Jun 2015 Last revised: 12 Jul 2021

See all articles by Hajime Shimao

Hajime Shimao

Santa Fe Institute

Warut Khern-am-nuai

McGill University - Desautels Faculty of Management

Sung Joo Kim

Purdue University - Daniels School of Business

Karthik Natarajan Kannan

Purdue University

Date Written: July 11, 2021

Abstract

Many users lack the ability to correctly estimate the true quality of the security software they purchase. Yet, most of analytical research assumes otherwise. We were motivated to incorporate this "false sense of security" behavior into a game-theoretic model and study the implications on welfare parameters. Our model features two segments of consumers, biased signal recipients (BSR) and unbiased signal recipients (USR), and a monopolistic software vendor. USR consumers observe the true quality of the security software, while the BSR ones overestimate. While the proportion of both segments are known to the software vendor, consumers are uncertain about the segment they belong to. We find that, in fact, an increase in the amount of bias (i.e., the disparity between the true quality and perceived quality of security software) is not necessarily harmful to society. Furthermore, there exist some circumstances where society and consumers could be better off if the security software did not exist. Interestingly, we also find that the case where consumers know the information structure and weight their expectation accordingly does not always lead to optimal social welfare. These results contrast with the conventional wisdom and are crucially important in developing appropriate policies in this context.

Keywords: Economics of Information Security, Information Uncertainty, Misinformation, Risk Compensation Behavior

JEL Classification: D82

Suggested Citation

Shimao, Hajime and Khern-am-nuai, Warut and Kim, Sung Joo and Kannan, Karthik Natarajan, So You Think You Are Safe: Implications of Quality Uncertainty in Security Software (July 11, 2021). Available at SSRN: https://ssrn.com/abstract=2621846 or http://dx.doi.org/10.2139/ssrn.2621846

Hajime Shimao

Santa Fe Institute ( email )

1399 Hyde Park Road
Santa Fe, NM 87501
United States

Warut Khern-am-nuai (Contact Author)

McGill University - Desautels Faculty of Management ( email )

1001 Sherbrooke St. West
Montreal, Quebec H3A1G5 H3A 2M1
Canada

Sung Joo Kim

Purdue University - Daniels School of Business ( email )

610 Purdue Mall
West Lafayette, IN 47907
United States

Karthik Natarajan Kannan

Purdue University ( email )

Krannert School of Management
West Lafayette, IN 47907
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
269
Abstract Views
1,665
Rank
206,807
PlumX Metrics