Market Impact on IT Security Spending
Posted: 2 Jul 2013
Date Written: June 14, 2013
Abstract
Traditionally, IT security investment decisions are made in isolation. However, as firms that compete for customers in an industry are closely interlinked, a macro perspective is needed in analyzing the IT security spending decisions and this is a key contribution of the paper. We introduce the notions of direct- and cross-risk elasticity to describe the customer response to adverse IT security events in the firm and competitor, respectively, thus allowing us to analyze optimal security investment decisions. Both symmetric and asymmetric cases are examined for a duopoly in a continuous-time Markov chain (CTMC) setting. We demonstrate that optimal IT security spending, expected firm profits and willingness of firms to cooperate with competitors to improve security are highly dependent on the nature of customer response to adverse events, especially whether customer response to adverse security events in the competitor increases or decreases firm demand.
Suggested Citation: Suggested Citation